[cups.general] hiding unwanted printers

Lucio Chiappetti lucio at lambrate.inaf.it
Fri Sep 12 03:28:18 PDT 2008


On Thu, 11 Sep 2008, John Hodrien wrote:

> On Thu, 11 Sep 2008, Lucio Chiappetti wrote:

>>  In our institute the "typical user workstation" is a Linux CUPS client
>>  of a single CUPS server (running CUPS 1.2.7 under SuSE Linux). [...]
>>  occasionally [...] some moron connects his own machine [...] and
>>  misconfigures it to announce to be a CUPS server. [...] all users
>>  [see] an excessively long list of printers.

> Why not just set the machines up without cups running, and have
> /etc/cups/client.conf:
> ServerName cupsserver.my.domain

That's exactly our INTENDED configuration, The well-behaved workstations 
(actually the permanent ones, part of our NIS domain) SHOULD all be 
configured as clients without cupsd. Anyhow I found one where cupsd was 
running for unclear reasons (althoough yast2 said it was not enabled nor 
associated to any runlevel), I stopped it, and still showed the problem 
.... the wrong list of printers is propagated by the CUPS server !

(in fact this morning the list was different than the one of yesterday, 
different morons ... but we cannot forbid our staff nor visitors to 
connect their laptops to DHCP or to add dedicated machines outside of the 
NIS domain)

> That gets the client only talking to your server which I'm assuming will 
> have browsing disabled.

This issue of browsing is a bit unclear to us (is it a matter of ISSUING 
announcements or RECEIVING announcements ?) and it is not sure whether 
yast2 copes with it correctly.

yast2-> hardware-> printer -> other -> expert cups setting-> cups server 
setting  contains a "browsing on / off"

yast2-> hardware-> printer -> other -> change IPP listen  contains a tick 
box "Listen to IPP broadcast packets" and a select address button

Now it looks like that the "Listen to IPP broadcast packets" tick box has 
no counterpart in /etc/cupsd.conf but toggles the Browsing On/Off as the
"browsing on / off" radio button.

After a few unsuccessful attempts (inclusive of browsing off having no 
effect), we ended up modifying (partly manually) cupsd.conf to contain

Browsing On
BrowseOrder Deny,Allow
BrowseAllow none
BrowseDeny all

This originally seemed to have no effect. At this point we turned off in 
the firewall both the IPP client and server protocols. Turning off the IPP 
server seemed to have the wished effect (the web page on port 631 of the 
server showed ONLY the network printers defined there), but caused a 
disaster on all the clients (who could not see any printer).

However after reopening the firewall, with the same cupsd.conf above we 
continue seeing only the correct network printers, despite the fact the 
moron machines may still be on.

In fact our sysman got hold of one of those and had it properly 
configured (which in principle is what we do NOT want to do, we want 
simply not see them) ... the others do not show up on the web page on port 
631 ... and therefore we cannot do any more test).

Could it be that our cupsd.conf is correct, but there was some cache 
somewhere that the turning off and back on of the firewall has cleared ?

-- 
------------------------------------------------------------------------
Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html
------------------------------------------------------------------------
Do not blame ME, I did NOT vote Berlusconi.
------------------------------------------------------------------------





More information about the cups mailing list