[cups] A primer on CUPS and printers
Jörg Thümmler
listen at vordruckleitverlag.de
Mon Mar 1 22:57:42 PST 2021
Am 01.03.21 um 17:54 schrieb Johnnie W Adams:
> Hi,
>
> This is all super helpful!
>
> My specific problem right now is going from the old 1.3.7 version to
> the new 1.6.3 version as I move from one machine to another. (I can't go to
> a 2.x version for a while.) I am having extreme trouble getting
> authentication working. I've yet to see a pop-up box for it. I normally get
> a login box when I configure a printer on the old 1.3.7 version; on the new
> one, I just get Forbidden. I'm not seeing a difference in cupsd.conf that
> explains it, either.
>
> Thanks,
>
> John A
>
> On Thu, Feb 18, 2021 at 9:52 AM Jörg Thümmler <listen at vordruckleitverlag.de>
> wrote:
>
>> Am 18.02.21 um 15:14 schrieb Johnnie W Adams:
>>> Hi, folks,
>>>
>>> I spent the first ten years of my time as a UNIX/Linux admin
>> working
>>> with very large systems that didn't use printers.
>>>
>>> Now I do manage printers, and am finding it much rougher going
>> than i
>>> had expected. I'm right now working on moving CUPS and a couple hundred
>>> printers from a very old version of Linux to a new one. (RHEL 5 to RHEL
>> 7,
>>> and no, it was not my idea to let that old RHEL 5 machine live this
>> long.)
>>> I get the pieces, but I don't yet have an overview of what I'm doing.
>>>
>>> Can someone recommend a primer or a reading path through the CUPS
>>> documentation?
>>>
>>> Thanks,
>>>
>>> John A
>>>
>>
>> Hi,
>>
>> you might have seen, the localhost:631 website has quite good references
>> for the configs. Mostly you don't need that more.
>>
>> Apples view on this you can find here:
>> https://opensource.apple.com/source/cups/cups-30/doc/sam.pdf
>>
>> There will be more in the www, but usually, if you don't have to manage
>> very special things, this is enough. If your users use modern software,
>> as office, webbrowser, mailer using a graphical desktop, printing will
>> be done as in window$.
>> Other software (if without own special drivers) should put out
>> postscript, which cups converts into the printer language, the used
>> printer understands. Usually the "lpr" command is used this way.
>> And you can write own "drivers" and pipe the data to an "raw" printer,
>> which just sends the data without conversion to the used printer by "lpr".
>> If you have simple txt data, you can use "enscript" to generate ps from
>> that.
>> A thing i often use as a shortcut for programming graphic output from
>> data without complex office stuff is: producing html output, then
>> converting in pdf by "wkhtmltopdf" and then converting to ps by "pdf2ps"
>> and then sending as ps to a ps printer. Sounds strange, but is fast and
>> good quality...
>>
>> hth - feel free to ask further...
>>
>> --
>> cu
>>
>> jth
>> _______________________________________________
>> cups mailing list
>> cups at cups.org
>> https://lists.cups.org/mailman/listinfo/cups
>>
>
>
Hi,
below is an old cups.conf (1.3.9) allowing mostly anything from anywhere
in the LAN. You may use that for starting with a very "open" cups and
secure it later...
--
cu
jth
-------------cups.conf ------------------
LogLevel info
SystemGroup sys root
# Allow remote access
Port 631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
DefaultAuthType Basic
DefaultEncryption never
Timeout 86400
<Location />
Allow from all
# Allow remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin>
Allow from all
# Allow remote administration...
Order allow,deny
Allow @LOCAL
</Location>
<Location /admin/conf>
AuthType Default
Require user @SYSTEM
Allow from all
# Allow remote access to the configuration files...
Order allow,deny
Allow @LOCAL
</Location>
<Policy default>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job
Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer
CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer
Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs
CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
DefaultPolicy easy
<Policy easy>
<Limit All>
Satisfy any
Order allow,deny
</Limit>
</Policy>
<Policy paranoid>
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription
Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job
Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER
Allow from 127.0.0.0/8
Order deny,allow
</Limit>
<Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer
CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
AuthType Default
Require user @SYSTEM
Allow from 127.0.0.0/8
Order deny,allow
</Limit>
<Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer
Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs
CUPS-Reject-Jobs>
AuthType Default
Require user @SYSTEM
Allow from 127.0.0.0/8
Order deny,allow
</Limit>
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER
Allow from 127.0.0.0/8
Order deny,allow
</Limit>
<Limit All>
Require user @OWNER @SYSTEM
Allow from 127.0.0.0/8
Order deny,allow
</Limit>
</Policy>
More information about the cups
mailing list