Dear Peacedog,
Thanks for your reply. To your reply: I have lost track again...What do I need to delete and add again, and if you mean the configuration taking away # signs that shouldn't be a problem. Right now they are still not there, the lines are uncommented.
Here is the official blurb regarding the 9.0 version:
Printer Configuration from SUSE LINUX 9.0 on
Applies to: SUSE LINUX 9.0
Situation
You want to configure your printer. Refer to the manuals of SUSE LINUX 9.0 for basic information. The following paragraphs provide further information, especially regarding the differences and peculiarities of SUSE LINUX 9.0 compared to earlier versions. Compare to the following articles:
* "Printer Configuration from SuSE Linux 8.2"
* "Printer Configuration with SuSE Linux 8.1"
* "Printer Configuration with SuSE Linux 8.0"
* "Installing a Printer from SuSE Linux 6.4 to 7.3"
* "Installing a Printer"
The recommended print system in SUSE LINUX 9.0 is CUPS.
Changes in the CUPS Print Service (in cupsd)
1. cupsd runs as the user lp
2. Generalized functionality for BrowseAllow and BrowseDeny
3. Automatic activation of cupsd following the installation of the cups package
cupsd Runs as the User lp
On start-up, cupsd changes from the user root to the user lp as specified in /etc/cups/cupsd.conf:
    User lp
    Group lp
    RunAsUser Yes
If "RunAsUser" is set to "No", cupsd will continue to run as root.
Advantage:
Improved security, as the CUPS print service does not run with unlimited permissions, but only with permissions needed for the print service.
Disadvantage:
The authentication (the password verification) cannot take place via /etc/shadow, as lp does not have access to /etc/shadow. Therefore "AuthType Basic" does not work in this case. Rather, the CUPS-specific authentication via /etc/cups/passwd.md5 must be used. In /etc/cups/cupsd.conf, this can be specified as follows:
    <Location /admin>
    AuthType BasicDigest
    AuthClass Group
    AuthGroupName sys
    ...
    </Location>
Additionally, the following command must be used (as the user root) to enter a CUPS-specific password for the user root in /etc/cups/passwd.md5:
    lppasswd -g sys -a root
If "AuthType" is set to "Basic", the password verification will take place with /etc/shadow. In this case, cupsd must run as root (i.e., "RunAsUser No").
Additional consequences:
* If cupsd runs as lp, /etc/printcap cannot be generated, as lp is not permitted to create files in /etc/. For this reason, cupsd creates /etc/cups/printcap as specified in /etc/cups/cupsd.conf:
    Printcap /etc/cups/printcap
For applications that can only read queue names from /etc/printcap to work properly, /etc/printcap is a symbolic link to /etc/cups/printcap.
* As soon as cupsd starts running as lp, port 631 cannot be opened. Therefore, cupsd can no longer be reloaded with "rccups reload". Instead, use "rccups restart".
* If HP all-in-one devices (e.g., HP OfficeJet) are addressed by way of the "ptal" service, this will not work if the user root set an unsuitable "umask" when executing "ptal-init setup". In this case, ptal would have created the directories /dev/ptal-printd and /var/run/ptal-* with insufficient access permissions. Suitable access permissions that enable cupsd to send data to ptal devices as the user lp can be set with the following command:
    chmod a+rx /dev/ptal-printd /var/run/ptal-*
See the article "HP OfficeJet" for more information on HP all-in-one devices.
Generalized Functionality for BrowseAllow and BrowseDeny
The access conditions set for BrowseAllow and BrowseDeny now apply to all kinds of packets sent to cupsd.
The default settings in /etc/cups/cupsd.conf are as follows:
    BrowseAllow @LOCAL
    BrowseDeny All
In this way, only LOCAL hosts can access cupsd. LOCAL hosts are hosts whose IP addresses belong to a non-PPP interface. For all other hosts (especially hosts that send packets to cups via a PPP interface), the packets are rejected immediately.
Access restrictions with BrowseAllow and BrowseDeny are checked first and therefore have the highest priority. Thus,
    BrowseAllow None
    BrowseDeny All
causes all packets from all hosts to be rejected immediately, regardless of any other access settings (such as in <Location />...</Location>). Only packages from "localhost" (127.0.0.1) are not rejected.
The main difference between access conditions with BrowseAllow and BrowseDeny and access conditions with an approach such as <Location />...</Location> is as follows:
* With BrowseAllow/BrowseDeny, the decision to grant or deny access is based exclusively on the data in the packet header. As no data from the actual packet is processed for the purpose of rejecting packets from unauthorized hosts, cupsd is less vulnerable to access from unauthorized hosts.
* With <Location />...</Location>, the decision to grant or deny access is based on the data in the actual packet. This process is complex and presents more vulnerable spots in cupsd that could be exploited for an attack.
Result:
Access restrictions with BrowseAllow and BrowseDeny should be used to deny all access for unauthorized hosts immediately. For BrowseAllow, you would normally enter the network from which access is generally permitted. Several BrowseAllow entries can be used for several networks or several individual hosts. "BrowseDeny All" denies access from all other hosts. <Location />...</Location> can be used to define the detailed access conditions.
Customer feedback wanted:
In SUSE LINUX 9.0, the generalized functionality for BrowseAllow and BrowseDeny is implemented as the patch "cups-1.1.19-preauth_security.patch". The underlying purpose of this patch is to achieve the functionality described above (access decision exclusively based on the data in the packet header) without necessitating new keywords in /etc/cups/cupsd.conf for the configuration of the access conditions, as our purpose is to modify the code of cupsd as little as possible. This patch was necessary for automatically activating cupsd in SUSE LINUX 9.0 (see following section). Furthermore, it represents a proposal for a possible way of improving the security of cupsd. Nevertheless, the patch does not constitute the final solution. To be able to develop a conclusive solution, we need customer feedback in order to learn about any problems that could be caused by this patch.
Automatic Activation of cupsd Following the Installation of the cups Package
The two items mentioned above are vital preconditions, as otherwise the security would not be sufficient for an automatic activation of cupsd. A correctly configured firewall may not be available in all scenarios. Therefore, cupsd itself must meet these security requirements.
The cups package is installed within the scope of the standard installation. The automatic activation of cupsd now enables comfortable access to queues of CUPS network servers without any additional manual actions. In this way, we comply with the frequently-expressed wish for comfortable out-of-the-box access to CUPS queues in the network -- especially for network client hosts to which no printers are connected.
Changes in LPRng and lpdfilter
From SUSE Linux 9.0 on, filtering in the LPRng and lpdfilter printing system takes place as follows (see the corresponding section in the Administration Guide):
* If a PostScript printer is attached, the PostScript data is directly sent to the printer:
    printing data
         |
         v
    lpdfilter: conversion to PostScript
         |
         v
    PostScript printer
* If there is no PostScript printer attached, Ghostscript is used to create printer-specific data. The printer-specific parameters for the Ghostscript command are saved in the following locations ("queue" must be replaced with the real queue name):
o In the cm line in the file /etc/printcap as hitherto
o In the file /etc/lpdfilter/queue/upp as hitherto
o From SUSE Linux 9.0 on, in the file /etc/lpdfilter/queue/ppd, too.
This is the case if lpdfilter has been configured with YaST.
Through this, the conversion to printer-specific data is performed in the same way as in the CUPS printing system with the filter foomatic-rip, which uses for the Ghostscript command data included in the same Foomatic PPD file used for the CUPS printing system.
If lpdfilter is configured by means of YaST, filtering in the LPRng and lpdfilter printing system takes place as follows:
    printing data
         |
         v
    lpdfilter: conversion to PostScript only
         |
         |      ____ PPD file matching the printer model
         |     |     (/etc/lpdfilter/queue/ppd)
         v     v
    foomatic-rip: conversion to the printer language with Ghostscript
         |
         v
    printer
That was the end of the blurb. I understand nothing of it but included it in case you do.
Cheers
273chris
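An added example, not part of the original post or of the SUSE text quoted in it: a small Python check that reads a cupsd.conf and flags the combinations the quoted text describes (AuthType Basic while cupsd runs as lp, RunAsUser No, and a missing "BrowseDeny All"). The sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample, not taken from the thread: it combines "RunAsUser Yes"
# with "AuthType Basic", which the SUSE text says cannot work.
SAMPLE_CONF = """\
User lp
Group lp
RunAsUser Yes
BrowseAllow @LOCAL
<Location /admin>
AuthType Basic
AuthClass Group
AuthGroupName sys
</Location>
"""

def parse_cupsd_conf(text):
    """Return (global directives, {location path: directives}), lower-cased."""
    top, locations, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Location\s+(\S+)>$", line, re.I)
        if opened:
            current = locations.setdefault(opened.group(1), {})
        elif re.match(r"</Location>$", line, re.I):
            current = None
        else:
            name, *rest = line.split(None, 1)
            target = top if current is None else current
            target.setdefault(name.lower(), []).append(rest[0].lower() if rest else "")
    return top, locations

def audit(text):
    """List findings based on the rules stated in the quoted SUSE text."""
    top, locations = parse_cupsd_conf(text)
    findings = []
    as_lp = top.get("runasuser", [""])[-1] == "yes"
    if top.get("runasuser", [""])[-1] == "no":
        findings.append("RunAsUser No: cupsd keeps running as root")
    for path, directives in locations.items():
        if as_lp and "basic" in directives.get("authtype", []):
            findings.append(f"{path}: AuthType Basic checks /etc/shadow, which lp "
                            "cannot read; use BasicDigest plus lppasswd")
    if "all" not in top.get("browsedeny", []):
        findings.append("no 'BrowseDeny All': hosts outside BrowseAllow are not denied")
    return findings
```

Calling `audit(open("/etc/cups/cupsd.conf").read())` as root runs the same checks against the live file.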
Quote:
Dear Peacedog,
Thanks for your reply. To your reply: I have lost track again...What do I need to delete and add again, and if you mean the configuration taking away # signs that shouldn't be a problem. Right now they are still not there, the lines are uncommented.
I was talking about the printer itself. If the machine has been updated, I suspect a problem with the drivers. Let's have a look at a few things first though. Please post the printers.conf file, and cupsd.conf. Is this happening with all four printers, or one in specific?
good luck.
Thanks for looking in. I checked the automatic update system on my Linux and it is off. The last update was 38 days ago which was when I re-installed. I have left it off.
The printer will only print one split line now before aborting.
I will look around and try to locate the files you write about at the end of the day in the evening after daylight. Right now I must get some sleep.
Please by all means get your rest. We may be in different time zones for all I know. A clean fresh mind is always better to work with. I've found myself more than once to be tired and miss some things that were so simple if I'd just taken a break and rested, and then looked at the problem.
On another note, once you post the output from the files requested, we'll troubleshoot from there. Almost certainly we'll find something amiss, and diagnose this problem.
good luck.
so I tried
# whereis cupsd.config
and it gave the following:
usr/sbin/cupsd usr/share/man/man8/cupsd.8.gz
When I entered this line as a command after #, the reply came:
Unknown argument usr/share/man/man8/cupsd.8.gz - aborting!
When I used cat/etc/cups.conf
the reply came
No such file or directory
When I entered
#Where is printer.config
the answer came
Printer:
That is all it gave.
By the way, I have never been able to copy from the konsole using the normal 'Edit - copy' click, so I always have to enter the lines manually to this window. I was able to copy the blurb from the SuSE website to this window, but nothing from the console.
Hi Peacedog
copied letter by letter from ls /etc/cups is the following:
. client.conf mime.convs printers.conf
.. cupsd.conf mime.types printers.conf.0
certs cupsd.conf.rpmnew passwd.md5 printers.conf.rpmnew
classes.conf cupsd.conf.rpmsave passwd.old printers.conf.rpmsave
classes.conf.0 cupsd.conf.y2 ppd pstoraster.convs
classes.conf.rpmnew interfaces ppds.dat ss1
classes.conf.rpmsave lpoptions printcap
After checking that printers.config and cupsd.config were there in that directory (except the icons had a padlock on).
I then went into a konsole as root and typed thus:
# pico /etc/cups printers.config
and /or
# pico /etc/cups cupsd.config
Nothing happened except that the editor opened. I tried Ctrl this and that but nothing showed up.
I did exactly as you said with the printers.conf rather than printers.config but the same things happened. I use the konsole as root and the editor opens and I can scroll down and back up but there is nothing there and the commands are about other things, reading, writing etc.
I know from looking through the visual interface that the files are there in file:/etc/cups, but with a lock on. I checked once again and they are still all there, the same ones that are in the list I typed in to this thread a few windows back.
I'm sorry mate, I overlooked one small thing in my response, please accept my apologies. I am correcting myself with this post.
# pico /etc/cups printers.config
and /or
# pico /etc/cups cupsd.config
This should have been.
# pico /etc/cups/printers.conf
and /or
# pico /etc/cups/cupsd.conf
I hope I haven't confused you. The file names were incorrect, as well as the paths. Sorry I missed that, I know this is frustrating, please accept my apologies. Hope this helps.
good luck.
Hi Peacedog
No worries, I am grateful for your help.
I got the first file and will go back and get the second and post it separately because I cannot get the copy function to work in a konsole, so I must copy it by hand.
OK the contents of printers.conf follows below:
Printer Configuration file for CUPS v1.1.19
#written by cupsd on Sun Nov 21.00:22:03 2004
<Default Printer Epsonlocalhost631-nr3>
Info
Location
DeviceURI parallel:dev/lp0
State Idle
Accepting Yes
Jobsheet None none
Quotaperiod 0
PageLimit 0
Klimit 0
</Printer>
<Printer Epsonlocalhost631-nr4>
Info
Location
DeviceURI parallel:/dev/lp0
State Idle
Accepting Yes
Jobsheet None none
Quota Period 0
PageLimit 0
Klimit 0
</Printer>
That was all on that one. Will send the next if I succeed with it as well.