Advanced.Linux.Networking..Roderick.Smith [Electronic resources] text version


Roderick W. Smith









Configuring a CUPS Server


CUPS is an unusually flexible printing system
for UNIX and Linux computers. Rather than a re-implementation of the BSD LPD
package (which is what LPRng is), CUPS is a new framework around which printing
on Linux can work.

Part of this framework is a
compatibility layer, so that applications and users can use familiar printing
commands, and so that CUPS clients can use LPD print servers, and vice versa. Major
additional features include support for a new network printing protocol, IPP,
which is based on the Hypertext Transfer Protocol (HTTP) used by Web servers
and browsers; the ability to pass file type information with files to simplify
the selection of print filters on the print server; the use of PostScript
Printer Description (PPD) files to define printer capabilities; and
"printer browsing," a feature that allows a client to search for
printers on the network without having to explicitly configure the client to
use a specific printer. If CUPS is widely adopted, these features will greatly
simplify printer configuration, both for non-networked and networked use.

One major hurdle faced by CUPS is the fact
that it doesn't use the same types of configuration files that BSD LPD or LPRng
use. Therefore, if you're already familiar with these systems, you'll have to
learn to configure your printers in an entirely new way. If you like to work
with GUI tools, you may want to look into a GUI front-end to CUPS for general
configuration, such as KUPS (http://cups.sourceforge.net/kups/) or ESP Print Pro (http://www.easysw.com/printpro/). CUPS also comes with a Web-based tool, as described shortly; you
can point your Web browser at http://localhost:631 to
configure the computer on which the Web browser is running.

NOTE



As with the other printing systems, a
complete description of CUPS printer configuration is beyond the scope of
this book. This section assumes that you can create a minimally functional
local print queue; I describe only those options related to the networking
aspects of the printer definition. For more information on basic CUPS
configuration, consult the CUPS documentation at http://www.cups.org/saml.


Configuring /etc/cups/cupsd.conf


The CUPS server is controlled through the /etc/cups/cupsd.conf file. This file is modeled after the Apache configuration file
(discussed in Chapter 20,
Running Web Servers), as CUPS borrows many HTTP server features. CUPS also uses
several other configuration files, such as /etc/cups/printers.conf and /etc/cups/classes.conf, which define specific printers and groups of printers,
respectively. Both these files are normally edited via the lpadmin configuration tool or a GUI front-end, but the CUPS documentation recommends
editing cupsd.conf manually.

The cupsd.conf file consists
of a series of directives that set specific
features of the server's function, such as the server's name or where logs are
stored. Directives that are particularly important for network print server
functions include the following:

Allow: This directive is followed by the keyword from and the
wildcards All or None, a hostname, a hostname with an asterisk wildcard (such as *.threeroomco.com), a partial or complete IP address, or an IP address with a netmask
(in either CIDR or 8-byte formats). Any of these forms specifies computers that
are allowed access to the server. You can include multiple Allow directives to grant access to multiple computers or groups of computers. This
directive must appear within a Location directive.

AuthClass: This directive takes a value of Anonymous (the default), User, System, or Group. Anonymous results in no need to authenticate clients; this works much like a BSD LPD
system. The remaining three options require clients to provide a valid username
and password. System further requires that the user belong to the sys group, as
set by the SystemGroup directive. Group requires that the user belong to the group named by the AuthGroupName directive.

BrowseAddress: The CUPS printer browsing feature works best when a central
server collects information on available printers on a network. You can set
this server with the BrowseAddress directive, which takes an IP address or hostname and port number as
an option, as in 192.168.23.34:631. (631 is the usual port number for this and most other CUPS
connections.) The default is 255.255.255.255:631, which results in a broadcast to all computers on the local
network.

BrowseAllow: To use printer browsing from a client, your server must accept
browse packets from the client. This directive is followed by the keyword from and the
partial or complete hostname or IP address of the computers from which the
server will accept browse packets. The default is to accept browse packets from
all computers.

BrowseDeny: This directive is the opposite of BrowseAllow; you can
blacklist just certain networks or clients using this directive.

BrowseOrder: When you use both BrowseAllow and BrowseDeny,
this directive determines the order in which the first two directives are
applied. Options are BrowseOrder Allow,Deny and BrowseOrder Deny,Allow.

BrowseInterval: This directive sets the time in seconds between outgoing browse
queries. A value of 0 disables outgoing browse queries. This value should always be less
than the value of BrowseTimeout, or printers will periodically disappear from your local browse
list.

BrowsePoll: You can set the name or IP address of a print server you want to
poll for printers using this directive. You can poll multiple servers by using
this directive more than once.

BrowsePort: The default port for printer browsing is 631, but you can override
this value by using this directive.

BrowseTimeout: CUPS removes information on network printers and classes at an
interval determined by this directive. This value should always be greater than
the BrowseInterval value, or printers will periodically disappear from a CUPS client's
browse list.

Browsing: You can enable or disable network browsing by setting this
directive to On or Off, respectively. The default value is On.

Deny: This directive is the opposite of Allow; it's a
specification of computers that are not allowed access to the server. It
must appear within a Location directive.

HostNameLookups: This directive takes values of Off, On, and Double. These
cause CUPS to not look up hostnames of clients, to look up hostnames for every
client that connects, and to look up the hostname and then look up the IP
address from the obtained hostname, respectively. The Double option
in particular provides some protection against certain types of attack, because
it prevents connections from systems with misconfigured DNS entries. The
default is Off, because this setting results in the least performance cost and
because it's most reliable (the other options can cause problems if your network's
DNS server goes down or becomes slow).

Listen: You can tell CUPS to use only a subset of your computer's network
interfaces by using one or more Listen directives. Follow the directive
name with the IP address associated with the network interface, a colon, and a
port number (normally 631). For instance, Listen 192.168.23.8:631 causes the computer to use the interface associated with the 192.168.23.8
address. You can use more than one Listen directive (and
probably should, to bind to the 127.0.0.1 interface as well as whatever network
interface you want active).

Location: This directive is unusual in that it surrounds others, defining a
location within the CUPS document tree to which the surrounded directives
apply. For instance, you must include Allow and Deny directives within a Location directive, in order to restrict access to particular document types
(and hence particular types of operations) for specific clients. To start a Location directive, you include that keyword in angle brackets (<>)
along with the name of the location. To end such a directive, you use the
string </Location>. Possible locations you can restrict include /admin for
administrative actions, /classes for printer classes, /jobs for print jobs, and /printers for
printers.

MaxClients: You can limit the number of clients that can connect to a server
using this directive. The default value is 100.

Order: This directive is similar to the BrowseOrder directive,
but it applies to the Allow and Deny directives. Order Allow,Deny
causes Allow directives to be
applied before Deny directives, whereas Order Deny,Allow does the opposite.

Port: CUPS normally listens on port 631 for IPP transfers, but you can
change the default port with this directive. You can specify multiple ports by
using this directive more than once. Note that this does not affect the port CUPS uses for interacting with
BSD LPD clients and servers, or compatible programs.

The default /etc/cups/cupsd.conf file
provided with most CUPS packages leaves the server fairly open to access from
outsiders. You should probably tighten access by applying CUPS configuration
rules to restrict access to the server. For instance, the following directives
block access to anything but the server computer itself and systems on the
172.22.0.0/16 network:

<Location /printers>
BrowseAllow from 127.0.0.1
BrowseAllow from 172.22.0.0/16
Allow from 127.0.0.1
Allow from 172.22.0.0/16
</Location>


Because it applies to the /printers location, the preceding example does not completely close off access to the server.
For instance, administrative tasks (via the /admin location) and
access to specific print job information (via the /jobs location) are still
available to other systems. You should probably restrict access to these
locations as well, and apply packet filter firewall rules (as discussed in Chapter 25). The
latter will completely block access to systems you don't authorize, assuming no
bugs or misconfiguration.
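
The gap described above can be checked mechanically. The following Python sketch is an added example, not code from the book or from CUPS; it parses cupsd.conf text and reports locations left without Allow/Deny rules, an /admin location with no authentication, a missing Listen directive, and a BrowseInterval that is not below BrowseTimeout. The function names and the sample configuration are constructed for illustration.

```python
import re

LOCATIONS = ("/admin", "/classes", "/jobs", "/printers")  # named in the text

def parse_cupsd_conf(text):
    """Return (global directives, {location: directives}) as (name, value) pairs."""
    globals_, locations, current = [], {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        opened = re.match(r"<Location\s+(\S+)>$", line, re.I)
        if opened:
            current = locations.setdefault(opened.group(1), [])
        elif line.lower() == "</location>":
            current = None
        else:
            parts = line.split(None, 1)
            pair = (parts[0].lower(), parts[1] if len(parts) > 1 else "")
            (globals_ if current is None else current).append(pair)
    return globals_, locations

def audit(text):
    """Return findings about settings that leave the server exposed."""
    globals_, locations = parse_cupsd_conf(text)
    findings = []
    for loc in LOCATIONS:
        names = {name for name, _ in locations.get(loc, [])}
        if not names & {"allow", "deny"}:
            findings.append(f"{loc}: no Allow/Deny rules")
    admin = dict(locations.get("/admin", []))
    if admin.get("authclass", "Anonymous").lower() == "anonymous":
        findings.append("/admin: AuthClass is Anonymous")
    if not any(name == "listen" for name, _ in globals_):
        findings.append("no Listen directive")
    interval, timeout = (dict(globals_).get(k) for k in ("browseinterval", "browsetimeout"))
    if interval and timeout and int(interval) >= int(timeout):
        findings.append("BrowseInterval is not less than BrowseTimeout")
    return findings

# Constructed sample: only /printers is restricted, as in the example above.
PAGE_EXAMPLE = """\
BrowseInterval 300
BrowseTimeout 300
<Location /printers>
Allow from 127.0.0.1
Allow from 172.22.0.0/16
</Location>
"""
```

Calling audit(PAGE_EXAMPLE) returns findings for /admin, /classes and /jobs but none for /printers, which is the situation the paragraph above warns about.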

Accepting Jobs from BSD LPD or LPRng Clients


The preceding discussion of /etc/cups/cupsd.conf directives applies most directly to clients that support IPP. Neither
BSD LPD nor LPRng uses IPP, though; they use the older LPD protocol. (Work is
underway for adding IPP support to LPRng, though.) Therefore, if your CUPS
print server must accept print jobs from clients that use the LPD protocol,
CUPS needs a helper program to let it do the job. This program is called cups-lpd, and
it comes with CUPS.

To use cups-lpd, you must configure
it to work via a super server such as inetd or xinetd, as
discussed in Chapter 4; the
package doesn't work as a standalone server. It's normally located in the /usr/lib/cups/daemon directory. An appropriate /etc/inetd.conf file
entry is as follows:

printer stream tcp nowait lp /usr/lib/cups/daemon/cups-lpd cups-lpd

Chapter 4 covers
the differences between inetd and xinetd, should you need to configure cups-lpd to work with xinetd. Some
distributions ship preconfigured to work correctly with BSD LPD clients, so you
may not need to make such a modification.

WARNING



CUPS provides no means to control printer
access to clients using the LPD protocol. Such jobs are submitted locally
using the server's own address, so the normal /etc/cups/cupsd.conf directives don't have any effect. To limit outside access to a CUPS server
that supports the LPD protocol, you must use a packet filter firewall or some
other outside mechanism.


Specifying the Server on a CUPS Client


You can add printers to CUPS by using the
command-line lpadmin utility, by using a GUI front-end to lpadmin, or by entering http://localhost:631 in a Web browser running on the computer (or the hostname and :631 on
another computer that's allowed administrative access). Each of these methods
of administration allows you to add or delete printers accessible from the computer
in question, or to perform various other administrative tasks.

To add a network printer, you could use lpadmin to
enter a command like the following:

# lpadmin -p PrinterName -E -v lpd://server.name/queuename -m ppdfile.ppd

In this example, PrinterName is the name of the printer queue to be used locally, server.name is the hostname of the print server, and queuename is the name of the print queue on that server. This example shows access to a
print queue that uses the BSD LPD protocol, as indicated by the lpd that
precedes the server and queue names. To use another CUPS server, you might
prefer using ipp in place of lpd. This tells CUPS to use IPP rather than the BSD LPD protocol. (You
can create a local queue in much the same way, but the parameter to -v would be parallel:/dev/lp0 or some other local device identifier.) Finally, the -m parameter
identifies the PPD file for the printer, so that CUPS can pass information on
the printer's capabilities back to CUPS-aware applications. On most
installations, you can find a collection of PPD files in the /usr/share/cups/model directory tree. Many PostScript printers also ship with their own
PPD files, which you can use. You can also attempt to use the driver listings
at the Linux Printing Web site, http://www.linuxprinting.org/driver_list.cgi. Click on a Ghostscript driver name, then select your printer model
in the CUPS-O-Matic area and click Generate CUPS PPD. After a brief delay, the result
should be a PPD file that describes your printer's capabilities. As the
comments in the generated file note, though, this machine-generated PPD file
might have quirks, or it might not even work at all. For this reason, you're
better off using a PPD file that's provided by your printer's manufacturer, if
possible.

TIP



If you've configured both the client and
the server to perform CUPS browsing, as described earlier, you shouldn't need
to explicitly add CUPS IPP printers; the client should retrieve the list of
available printers and make them available automatically. Adding a printer
manually is most useful for LPD print queues.


If you want to modify an existing print
queue, you may do so with the lpadmin tool just as if you were adding a
new queue. Specify the original name, and any other options you include override
the originals. For instance, you can change a local queue to a network queue by
using the -v option and specifying the new location.

If you prefer to use a GUI tool, the Web
interface (shown in Figure 9.1) is
supported by default on a standard installation. After you enter the URL to
your computer (including the port 631 specification), CUPS prompts you for an
administrative username and password. You can then select from several options,
such as Do Administration Tasks and Manage Printers. Figure 9.1 shows
the latter, in which you can create, delete, and administer printers. Figure 9.1 shows
two defined printers. The first, hp4000, is the default and is an LPD
printer. The second, lexmark, is connected to the parallel port. You can click Modify Printer to
modify the basic settings, such as the server name, or you can adjust
printer-specific settings such as page size and printer memory by clicking
Configure Printer.

Figure 9.1. The CUPS
Web-based interface simplifies configuration of both local and network
printers.

