[cups] A primer on CUPS and printers

Tue Mar 2 14:19:23 PST 2021

Thanks! This was super helpful.

The one big change from 1.3 to 1.6 which still puzzles me is the relation
between cupsd.conf and cups-files.conf. There are Location directives in
both. Is this just a convenience thing? Could it (in theory) all go in
cupsd.conf? Or is there a way of specifying which goes where? If both files
have a Location directive for the same location, which one controls the
operations?

On Tue, Mar 2, 2021 at 12:57 AM Jörg Thümmler <listen at vordruckleitverlag.de>
wrote:

> Am 01.03.21 um 17:54 schrieb Johnnie W Adams:
> > Hi,
> >
> >       This is all super helpful!
> >
> >       My specific problem right now is going from the old 1.3.7 version
> to
> > the new 1.6.3 version as I move from one machine to another. (I can't go
> to
> > a 2.x version for a while.) I am having extreme trouble getting
> > authentication working. I've yet to see a pop-up box for it. I normally
> get
> > a login box when I configure a printer on the old 1.3.7 version; on the
> new
> > one, I just get Forbidden. I'm not seeing a difference in cupsd.conf that
> > explains it, either.
> >
> > Thanks,
> >
> >       John A
> >
> > On Thu, Feb 18, 2021 at 9:52 AM Jörg Thümmler <
> listen at vordruckleitverlag.de>
> > wrote:
> >
> >> Am 18.02.21 um 15:14 schrieb Johnnie W Adams:
> >>> Hi, folks,
> >>>
> >>>        I spent the first ten years of my time as a UNIX/Linux admin
> >> working
> >>> with very large systems that didn't use printers.
> >>>
> >>>        Now I do manage printers, and am finding it much rougher going
> >> than i
> >>> had expected. I'm right now working on moving CUPS and a couple hundred
> >>> printers from a very old version of Linux to a new one. (RHEL 5 to RHEL
> >> 7,
> >>> and no, it was not my idea to let that old RHEL 5 machine live this
> >> long.)
> >>> I get the pieces, but I don't yet have an overview of what I'm doing.
> >>>
> >>>        Can someone recommend a primer or a reading path through the
> CUPS
> >>> documentation?
> >>>
> >>> Thanks,
> >>>
> >>>        John A
> >>>
> >>
> >> Hi,
> >>
> >> you might have seen, the localhost:631 website has quite good references
> >> for the configs. Mostly you don't need that more.
> >>
> >> Apples view on this you can find here:
> >> https://opensource.apple.com/source/cups/cups-30/doc/sam.pdf
> >>
> >> There will be more in the www, but usually, if you don't have to manage
> >> very special things, this is enough. If your users use modern software,
> >> as office, webbrowser, mailer using a graphical desktop, printing will
> >> be done as in window$.
> >> Other software (if without own special drivers) should put out
> >> postscript, which cups converts into the printer language, the used
> >> printer understands. Usually the "lpr" command is used this way.
> >> And you can write own "drivers"  and pipe the data to an "raw" printer,
> >> which just sends the data without conversion to the used printer by
> "lpr".
> >> If you have simple txt data, you can use "enscript" to generate ps from
> >> that.
> >> A thing i often use as a shortcut for programming graphic output from
> >> data without complex office stuff is: producing html output, then
> >> converting in pdf by "wkhtmltopdf" and then converting to ps by "pdf2ps"
> >> and then sending as ps to a ps printer. Sounds strange, but is fast and
> >> good quality...
> >>
> >> hth - feel free to ask further...
> >>
> >> --
> >> cu
> >>
> >> jth
> >> _______________________________________________
> >> cups mailing list
> >> cups at cups.org
> >> https://lists.cups.org/mailman/listinfo/cups
> >>
> >
> >
>
> Hi,
>
> below is an old cups.conf (1.3.9) allowing mostly anything from anywhere
> in the LAN. You may use that for starting with a very "open" cups and
> secure it later...
>
> --
> cu
>
> jth
>
> -------------cups.conf ------------------
> LogLevel info
> SystemGroup sys root
> # Allow remote access
> Port 631
> Listen /var/run/cups/cups.sock
> # Show shared printers on the local network.
> Browsing On
> BrowseOrder allow,deny
> BrowseAllow all
> DefaultAuthType Basic
> DefaultEncryption never
> Timeout 86400
> <Location />
>    Allow from all
>    # Allow remote administration...
>    Order allow,deny
>    Allow @LOCAL
> </Location>
> <Location /admin>
>    Allow from all
>    # Allow remote administration...
>    Order allow,deny
>    Allow @LOCAL
> </Location>
> <Location /admin/conf>
>    AuthType Default
>    Require user @SYSTEM
>    Allow from all
>    # Allow remote access to the configuration files...
>    Order allow,deny
>    Allow @LOCAL
> </Location>
> <Policy default>
>    <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
> Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription
> Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job
> Suspend-Current-Job Resume-Job CUPS-Move-Job>
>      Require user @OWNER @SYSTEM
>      Order deny,allow
>    </Limit>
>    <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer
> CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
>      AuthType Default
>      Require user @SYSTEM
>      Order deny,allow
>    </Limit>
>    <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
> Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer
> Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs
> CUPS-Reject-Jobs>
>      AuthType Default
>      Require user @SYSTEM
>      Order deny,allow
>    </Limit>
>    <Limit Cancel-Job CUPS-Authenticate-Job>
>      Require user @OWNER @SYSTEM
>      Order deny,allow
>    </Limit>
>    <Limit All>
>      Order deny,allow
>    </Limit>
> </Policy>
> DefaultPolicy easy
> <Policy easy>
>    <Limit All>
>    Satisfy any
>    Order allow,deny
> </Limit>
> </Policy>
> <Policy paranoid>
>    <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job
> Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription
> Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job
> Suspend-Current-Job Resume-Job CUPS-Move-Job>
> Require user @OWNER
> Allow from 127.0.0.0/8
> Order deny,allow
>    </Limit>
>    <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer
> CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
>    AuthType Default
>    Require user @SYSTEM
>    Allow from 127.0.0.0/8
>    Order deny,allow
>      </Limit>
>    <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer
> Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs
> Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer
> Startup-Printer Promote-Job Schedule-Job-After CUPS-Accept-Jobs
> CUPS-Reject-Jobs>
>      AuthType Default
>      Require user @SYSTEM
>      Allow from 127.0.0.0/8
>      Order deny,allow
>        </Limit>
>    <Limit Cancel-Job CUPS-Authenticate-Job>
>        Require user @OWNER
>        Allow from 127.0.0.0/8
>        Order deny,allow
>          </Limit>
>    <Limit All>
>          Require user @OWNER @SYSTEM
>          Allow from 127.0.0.0/8
>          Order deny,allow
>            </Limit>
> </Policy>
> _______________________________________________
> cups mailing list
> cups at cups.org
> https://lists.cups.org/mailman/listinfo/cups
>

-- 
John Adams
Linux/Middleware Administrator  | Information Technology Services
+1-501-916-3010 | jxadams at ualr.edu | http://ualr.edu/itservices
*UA Little Rock*

Reminder:  IT Services will never ask for your password over the phone or
in an email. Always be suspicious of requests for personal information that
come via email, even from known contacts.  For more information or to
report suspicious email, visit IT Security
<http://ualr.edu/itservices/security/>.