LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices


Reply
  Search this Thread
Old 11-30-2004, 08:40 AM   #46
273chris
Member
 
Registered: Sep 2004
Location: UK
Distribution: SuSE Linux 9.0
Posts: 58

Original Poster
Rep: Reputation: 15

Dear Peacedog,
Thanks for your reply. To your reply: I have lost track again...What do I need to delete and add again, and if you mean the configuration taking away # signs that shouldn't be a problem. Right now they are still not there, the lines are uncommented.

Here is the official blurb regarding the 9,0 version:

Printer Configuration from SUSE LINUX 9.0 on

Applies to: SUSE LINUX 9.0
Situation

You want to configure your printer. Refer to the manuals of SUSE LINUX 9.0 for basic information. The following paragraphs provide further information, especially regarding the differences and peculiarities of SUSE LINUX 9.0 compared to earlier versions. Compare to the following articles:

* "Printer Configuration from SuSE Linux 8.2"
* "Printer Configuration with SuSE Linux 8.1"
* "Printer Configuration with SuSE Linux 8.0"
* "Installing a Printer from SuSE Linux 6.4 to 7.3"
* "Installing a Printer"

The recommended print system in SUSE LINUX 9.0 is CUPS.
Changes in the CUPS Print Service (in cupsd)

1. cupsd runs as the user lp
2. Generalized functionality for BrowseAllow and BrowseDeny
3. Automatic activation of cupsd following the installation of the cups package

cupsd Runs as the User lp
On start-up, cupsd changes from the user root to the user lp as specified in /etc/cups/cupsd.conf:

User lp
Group lp
RunAsUser Yes

If "RunAsUser" is set to "No", cupsd will continue to run as root.

Advantage:
Improved security, as the CUPS print service does not run with unlimited permissions, but only with permissions needed for the print service.

Disadvantage:
The authentication (the password verification) cannot take place via /etc/shadow, as lp does not have access to /etc/shadow. Therefore "AuthType Basic" does not work in this case. Rather, the CUPS-specific authentication via /etc/cups/passwd.md5 must be used. In /etc/cups/cupsd.conf, this can be specified as follows:

<Location /admin>
AuthType BasicDigest
AuthClass Group
AuthGroupName sys
...
</Location>

Additionally, the following command must be used (as the user root) to enter a CUPS-specific password for the user root in /etc/cups/passwd.md5:

lppasswd -g sys -a root

If "AuthType" is set to "Basic", the password verification will take place with /etc/shadow. In this case, cupsd must run as root (i.e., "RunAsUser No").

Additional consequences:

* If cupsd runs as lp, /etc/printcap cannot be generated, as lp is not permitted to create files in /etc/. For this reason, cupsd creates cupsd /etc/cups/printcap as specified in /etc/cups/cupsd.conf:

Printcap /etc/cups/printcap

For applications that can only read queue names from /etc/printcap to work properly, /etc/printcap is a symbolic link to /etc/cups/printcap.

* As soon as cupsd starts running as lp, port 631 cannot be opened. Therefore, cupsd can no longer be reloaded with "rccups reload". Instead, use "rccups restart".

* If HP all-in-one devices (e.g., HP OfficeJet) are addressed by way of the "ptal" service, this will not work if the user root set an unsuitable "umask" when executing "ptal-init setup". In this case, ptal would have created the directories /dev/ptal-printd and /var/run/ptal-* with insufficient access permissions. Suitable access permissions that enable cupsd to send data to ptal devices as the user lp can be set with the following command:

chmod a+rx /dev/ptal-printd /var/run/ptal-*

See the article "HP OfficeJet" for more information on HP all-in-one devices.

Generalized Functionality for BrowseAllow and BrowseDeny
The access conditions set for BrowseAllow and BrowseDeny now apply to all kinds of packets sent to cupsd.

The default settings in /etc/cups/cupsd.conf are as follows:

BrowseAllow @LOCAL
BrowseDeny All

In this way, only LOCAL hosts can access cupsd. LOCAL hosts are hosts whose IP addresses belong to a non-PPP interface. For all other hosts (especially hosts that send packets to cups via a PPP interface), the packets are rejected immediately.

Access restrictions with BrowseAllow and BrowseDeny are checked first and therefore have the highest priority. Thus,

BrowseAllow None
BrowseDeny All

causes all packets from all hosts to be rejected immediately, regardless of any other access settings (such as in <Location />...</Location>). Only packages from "localhost" (127.0.0.1) are not rejected.

The main difference between access conditions with BrowseAllow and BrowseDeny and access conditions with an approach such as <Location />...</Location> is as follows:

* With BrowseAllow/BrowseDeny, the decision to grant or deny access is based exclusively on the data in the packet header. As no data from the actual packet is processed for the purpose of rejecting packets from unauthorized hosts, cupsd is less vulnerable to access from unauthorized hosts.

* With <Location />...</Location>, the decision to grant or deny access is based on the data in the actual packet. This process is complex and presents more vulnerable spots in cupsd that could be exploited for an attack.

Result:
Access restrictions with BrowseAllow and BrowseDeny should be used to deny all access for unauthorized hosts immediately. For BrowseAllow, you would normally enter the network from which access is generally permitted. Several BrowseAllow entries can be used for several networks or several individual hosts. "BrowseDeny All" denies access from all other hosts. <Location />...</Location> can be used to define the detailed access conditions.

Customer feedback wanted:
In SUSE LINUX 9.0, the generalized functionality for BrowseAllow and BrowseDeny is implemented as the patch "cups-1.1.19-preauth_security.patch". The underlying purpose of this patch is to achieve the functionality described above (access decision exclusively based on the data in the packet header) without necessitating new keywords in /etc/cups/cupsd.conf for the configuration of the access conditions, as our purpose is to modify the code of cupsd as little as possible. This patch was necessary for automatically activating cupsd in SUSE LINUX 9.0 (see following section). Furthermore, it represents a proposal for a possible way of improving the security of cupsd. Nevertheless, the patch does not constitute the final solution. To be able to develop a conclusive solution, we need customer feedback in order to learn about any problems that could be caused by this patch.
Automatic Activation of cupsd Following the Installation of the cups Package
The two items mentioned above are vital preconditions, as otherwise the security would not be sufficient for an automatic activation of cupsd. A correctly configured firewall may not be available in all scenarios. Therefore, cupsd itself must meet these security requirements.

The cups package is installed within the scope of the standard installation. The automatic activation of cupsd now enables comfortable access to queues of CUPS network servers without any additional manual actions. In this way, we comply with the frequently-expressed wish for comfortable out-of-the-box access to CUPS queues in the network -- especially for network client hosts to which no printers are connected.
Changes in LPRng and lpdfilter
From SUSE Linux 9.0 on, filtering in the LPRng and lpdfilter printing system takes place as follows (see the corresponding section in the Administration Guide):

* If a PostScript printer is attached, the Post_Script data is directly sent to the printer:

printing data
|
v
lpdfilter: conversion to PostScript
|
v
PostScript printer

* If there is no PostScript printer attached, Ghostscript is used to create printer-specific data. The printer-specific parameters for the Ghostscript command are saved in the following locations ("queue" must be replaced with the real queue name):
o In the cm line in the file /etc/printcap as hitherto
o In the file /etc/lpdfilter/queue/upp as hitherto
o From SUSE Linux 9.0 on, in the file /etc/lpdfilter/queue/ppd, too.
This is the case if lpdfilter has been configured with YaST.
Through this, the conversion to printer-specific data is performed in the same way as in the CUPS printing system with the filter foomatic-rip, which uses for the Ghostscript command data included in the same Foomatic PPD file used for the CUPS printing system.
If lpdfilter is configured by means of YaST, filtering in the LPRng and lpdfilter printing system takes place as follows:

printing data
|
v
lpdfilter: conversion to PostScript only
|
| ____ PPD file matching the printer model
| | (/etc/lpdfilter/queue/ppd)
v v
foomatic-rip: conversion to the printer language with Ghostscript
|
v
printer

That was the end of the blurb. I understand nothing of it but included it in case you do.
Cheers
273chris
 
Old 11-30-2004, 04:41 PM   #47
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168Reputation: 168
Quote:
Dear Peacedog,
Thanks for your reply. To your reply: I have lost track again...What do I need to delete and add again, and if you mean the configuration taking away # signs that shouldn't be a problem. Right now they are still not there, the lines are uncommented.
I was talking about the printer itself. If the machine has been updated, I suspect a problem with the drivers. Let's have a look at a few things first though. Please post the printers.conf file, and cupsd.conf. Is this happening with all four printers, or one in specific?
good luck.
 
Old 11-30-2004, 07:29 PM   #48
273chris
Member
 
Registered: Sep 2004
Location: UK
Distribution: SuSE Linux 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Dear Peacedog

Thanks for looking in. I checked the automatic update system on my Linux and it is off. The last update was 38 days ago which was when I re-installed. I have left it off.

The printer will only print one split line now before aborting.

I will look around and try and locate the files you write about at the end of the day in the evening after daylight. Right now I must get some sleep

regards

273chris
 
Old 11-30-2004, 07:50 PM   #49
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168Reputation: 168
Please by all means get your rest. We may be in different time zones for all I know. A clean fresh mind is always better to work with. I've found myself more than once to be tired and miss some things that were so simple if I'd just taken a break and rested, and then looked at the problem.

On another note once you post the output from the files requested, we'll trouble shoot from there. Almost certainly we'll find something amiss, and diagnose this problem.
good luck.

Last edited by Peacedog; 11-30-2004 at 07:52 PM.
 
Old 12-02-2004, 11:17 AM   #50
273chris
Member
 
Registered: Sep 2004
Location: UK
Distribution: SuSE Linux 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Hi Peacedog

How do I ask Linux to open the files, and how do I copy them to here? (copy does not seem to work from the kernel).

273chris
 
Old 12-02-2004, 04:59 PM   #51
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168Reputation: 168
Are you in a terminal or gui? If you're in a terminal try

cat /etc/cups/printers.conf

then highlight the text, right click, copy, then paste it here.

If you're in a gui you should be able to open the files with any editor, copy the text, then paste it here.
good luck.
 
Old 12-04-2004, 04:38 PM   #52
273chris
Member
 
Registered: Sep 2004
Location: UK
Distribution: SuSE Linux 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Hi Peacedog

Using cat as you expressed above did not work

so I tried
# whereis cupsd.config
and it gave the following:
usr/sbin/cupsd usr/share/man/man8/cupsd.8.gz

When I entered this line as a command after #, the reply came:
Unknown argument usr/share/man/man8/cupsd.8.gz - aborting!

When I used cat/etc/cups.conf
the reply came
No such file or directory

When I entered
#Where is printer.config
the answer came
Printer:

That is all it gave.
By the way I have never been able to copy from the konsole using the normal 'Edit - copy' click, so I always have to enter the lines manually to this window. I was able to copy the blurb from the SuSE website to this window. but nothing from the console.

273chris
 
Old 12-05-2004, 05:28 PM   #53
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168Reputation: 168
What does ls /etc/cups return, are the files listed there.
good luck.
 
Old 12-06-2004, 03:41 PM   #54
273chris
Member
 
Registered: Sep 2004
Location: UK
Distribution: SuSE Linux 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Hi Peacedog
copied letter by letter from ls /etc/cups is the following:
. client.conf mime.convs printers.conf
.. cupsd.conf mime.types printers.conf.0
certs cupsd.conf.rpmnew passwd.md5 printers.conf.rpmnew
classes.conf cupsd.conf.rpmsave passwd.old printers.conf.rpmsave
classes.conf.0 cupsd.conf.y2 ppd pstoraster.convs
classes.conf.rpmnew interfaces ppds.dat ss1
classes.conf.rpmsave lpoptions printcap

That is all.

273 chris
 
Old 12-06-2004, 04:51 PM   #55
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168Reputation: 168
It's odd the files are there. Can you just open them with a text editor?
good luck.
 
Old 12-07-2004, 02:33 PM   #56
273chris
Member
 
Registered: Sep 2004
Location: UK
Distribution: SuSE Linux 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Hi there Peacedog

After checking that printers.config and cupsd.config were there in that directory (except the icons had a padlock on).
I then went into a konsole as root and typed thus:
# pico /etc/cups printers.config

and /or

# pico /etc/cups cupsd.config

Nothing happened except that the editor opened. I tried Ctrl this and that but nothing showed up.

Was that right or not?
273chris
 
Old 12-07-2004, 05:21 PM   #57
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168Reputation: 168
Pico will start a new file that is empty if the wrong path is given. e.g.

# pico /etc/cups printers.config

and /or

# pico /etc/cups cupsd.config

This should have been.

# pico /etc/cups printers.conf

and /or

# pico /etc/cups cupsd.conf

good luck.
 
Old 12-07-2004, 05:54 PM   #58
273chris
Member
 
Registered: Sep 2004
Location: UK
Distribution: SuSE Linux 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Hi Peacedog

I did exactly as you said with the printers.conf rather than printers.config but the same things happened. I use the konsole as root and the editor opens and I can scroll down and back up but there is nothing there and the commands are about other things, reading, writing etc.

I know from looking through the visual interface that the files are there in file:/etc/cups, but with a lock on. I checked once again and they are still all there, the same ones that are in the list I typed in to this thread a few windows back.

Has this somehow got to do with permissions?

ciao for now

273chris
 
Old 12-07-2004, 06:19 PM   #59
Peacedog
LQ Guru
 
Registered: Sep 2003
Location: Danville, VA
Distribution: Slackware, Windows, FreeBSD, OpenBSD, Mac OS X
Posts: 5,296

Rep: Reputation: 168Reputation: 168
I'm sorry mate, I overlooked one small thing in my response, please accept my apologies. I am correcting myself with this post.

# pico /etc/cups printers.config

and /or

# pico /etc/cups cupsd.config

This should have been.

# pico /etc/cups/printers.conf

and /or

# pico /etc/cups/cupsd.conf

I hope I haven't confused you. The file names were incorrect, as well as the paths. Sorry I missed that, I know this frustrating, please accept my apologies. Hope this helps.
good luck.
 
Old 12-08-2004, 05:10 PM   #60
273chris
Member
 
Registered: Sep 2004
Location: UK
Distribution: SuSE Linux 9.0
Posts: 58

Original Poster
Rep: Reputation: 15
Hi Peacedog
No worries,I am grateful for your help.
I got the first file and will go back and get the second and post it separately because I cannot get the copy function wo work in a konsole, so I must copy it by hand.
OK the contents of printers.conf follows below:

Printer Configuration file for CUPS v1.1.19
#written by cupsd on Sun Nov 21.00:22:03 2004
<Default Printer Epsonlocalhost631-nr3>
Info
Location
DeviceURI parallel:dev/lp0
State Idle
Accepting Yes
Jobsheet None none
Quotaperiod 0
PageLimit 0
Klimit 0
</Printer>
<Printer Epsonlocalhost631-nr4>
Info
Location
DeviceURI parallel:/dev/lp0
State Idle
Accepting Yes
Jobsheet None none
Quota Period 0
PageLimit 0
Klimit 0
</Printer>

That was all on that one. Will send the next if I succeed with it as well.

Ciao

273chris
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
server-error-internal-error with CUPS "Configure Printer" fskmh Slackware 6 06-05-2013 01:51 PM
HELP: Cannot Configure CUPS to Recognize Parallel Printer Port as a Printing Device! glaucon829 Linux - Newbie 4 06-05-2007 09:38 AM
Cannot get cups to configure printer solar1951 Mandriva 8 05-19-2005 03:08 PM
Configure DNS printer via CUPS command line adagbg Red Hat 0 03-09-2005 10:46 AM
difficulty sustaining configuration of printer using KDE 273chris Linux - Newbie 6 10-25-2004 07:03 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - General

All times are GMT -5. The time now is 04:17 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration