[SOLVED] CUPS server

kiche · 05-12-2011, 12:03 AM

greetings all... I'm trying to build a cups server (with cups-pdf) and it's not printing (creating) the PDF output.

from cups-pdf log:

Code:

[ERROR] failed to create directory (/home/testuser/PDF)
[ERROR] failed to create user output directory (/home/testuser/PDF)

the lp command is being ran from SSH as "testuser", who is in the lpadmin group (as well as sysadmin, users, and about 5 other groups while troubleshooting this)

I've tried creating the PDF folder as both the user, and as root but still no output file (when the folder is created the first error goes away, but the user output error remains) *note, the /home directory is a symbolic link to a separate partion (/storage)

I'm still a bit green on linux, but the server is headless, and for now i'm just trying to get normal users able to print using cups-pdf

here's my cupsd.conf

Code:

#
#
# Sample configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn

# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0

# Administrator user group...
SystemGroup users


# Only listen for connections from the local machine.
Listen localhost:631
Listen /var/run/cups/cups.sock
Listen 172.20.1.50:631

# Show shared printers on the local network.
Browsing On
BrowseOrder allow,deny
BrowseAllow all
BrowseLocalProtocols CUPS dnssd
BrowseAddress @LOCAL

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Restrict access to the server...
<Location />
  Order allow,deny
#Allow @users
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
#Allow @users
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Basic
  Require user @sysadmin
  Order allow,deny
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-
Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Ge
t-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job
CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-
Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Print
er-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Acti
vate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedu
le-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI>
    AuthType Basic
    Order deny,allow
#Allow @users
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-
Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Ge
t-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job
CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-
Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Print
er-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Acti
vate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedu
le-Job-After CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

#
#

Any help would be much appreciated!

evo2 · 05-12-2011, 12:20 AM

Is /storage (ie /home) mounted over NFS? If so it I think it needs to be exported without root_squash.

For debugging purposes, can you try setting the ouput dir to something different? Eg in /etc/cups/cups-pdf.conf do something like

Code:

Out /tmp/${USER}/PDF

Evo2.

kiche · 05-12-2011, 12:33 AM

Updated the cups-pdf.conf with

Code:

Out /tmp/${USER}/PDF

and restarted cups (/etc/init.d/cups restart)... however when i did the lp <txtfile> command from the normal user and from root, no cups-pdf error came back, but nothing was added to /tmp... error_log did fire off however... see below

Code:

E [11/May/2011:23:29:43 -0600] PID 5620 (/usr/lib/cups/filter/pdftopdf) crashed on signal 13!
E [11/May/2011:23:29:43 -0600] [Job 17] Job stopped due to filter errors; please consult the error_log f
ile for details.
D [11/May/2011:23:29:43 -0600] [Job 17] The following messages were recorded from 11:29:43 PM to 11:29:4
3 PM
D [11/May/2011:23:29:43 -0600] [Job 17] Adding start banner page "none".
D [11/May/2011:23:29:43 -0600] [Job 17] Queued on "PDF" by "root".
D [11/May/2011:23:29:43 -0600] [Job 17] Auto-typing file...
D [11/May/2011:23:29:43 -0600] [Job 17] Request file type is text/plain.
D [11/May/2011:23:29:43 -0600] [Job 17] File of type text/plain queued by "root".
D [11/May/2011:23:29:43 -0600] [Job 17] Adding end banner page "none".
D [11/May/2011:23:29:43 -0600] [Job 17] job-sheets=none,none
D [11/May/2011:23:29:43 -0600] [Job 17] argv[0]="PDF"
D [11/May/2011:23:29:43 -0600] [Job 17] argv[1]="17"
D [11/May/2011:23:29:43 -0600] [Job 17] argv[2]="root"
D [11/May/2011:23:29:43 -0600] [Job 17] argv[3]="cupsd.conf"
D [11/May/2011:23:29:43 -0600] [Job 17] argv[4]="1"
D [11/May/2011:23:29:43 -0600] [Job 17] argv[5]="finishings=3 media=na_letter_8.5x11in number-up=1 job-u
uid=urn:uuid:c89afa90-b91f-3848-598f-6648a35587f6 job-originating-host-name=localhost"
D [11/May/2011:23:29:43 -0600] [Job 17] argv[6]="/var/spool/cups/d00017-001"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[0]="CUPS_CACHEDIR=/var/cache/cups"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[1]="CUPS_DATADIR=/usr/share/cups"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[2]="CUPS_DOCROOT=/usr/share/cups/doc-root"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[3]="CUPS_FONTPATH=/usr/share/cups/fonts"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[4]="CUPS_REQUESTROOT=/var/spool/cups"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[5]="CUPS_SERVERBIN=/usr/lib/cups"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[6]="CUPS_SERVERROOT=/etc/cups"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[7]="CUPS_STATEDIR=/var/run/cups"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[8]="HOME=/var/spool/cups/tmp"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[9]="PATH=/usr/lib/cups/filter:/usr/bin:/usr/sbin:/bin:/usr/
bin"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[10]="SERVER_ADMIN=root@mozart"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[11]="SOFTWARE=CUPS/1.4.3"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[12]="TMPDIR=/var/spool/cups/tmp"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[13]="TZ=America/Denver"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[14]="USER=root"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[15]="CUPS_SERVER=/var/run/cups/cups.sock"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[16]="CUPS_ENCRYPTION=IfRequested"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[17]="CHARSET=utf-8"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[18]="LANG=en_US.UTF-8"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[19]="PPD=/etc/cups/ppd/PDF.ppd"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[20]="RIP_MAX_CACHE=514412k"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[21]="CONTENT_TYPE=text/plain"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[22]="DEVICE_URI=cups-pdf:/"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[23]="PRINTER_INFO=PDF"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[24]="PRINTER_LOCATION="
D [11/May/2011:23:29:43 -0600] [Job 17] envp[25]="PRINTER=PDF"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[26]="CUPS_FILETYPE=document"
D [11/May/2011:23:29:43 -0600] [Job 17] envp[27]="FINAL_CONTENT_TYPE=application/vnd.cups-pdf"
D [11/May/2011:23:29:43 -0600] [Job 17] Started filter /usr/lib/cups/filter/texttopdf (PID 5619)
D [11/May/2011:23:29:43 -0600] [Job 17] Started filter /usr/lib/cups/filter/pdftopdf (PID 5620)
D [11/May/2011:23:29:43 -0600] [Job 17] Started backend /usr/lib/cups/backend/cups-pdf (PID 5621)
D [11/May/2011:23:29:43 -0600] [Job 17] cups-pdf cannot be called without root privileges!
D [11/May/2011:23:29:43 -0600] [Job 17] Page = 612x792; 0,0 to 612,792
D [11/May/2011:23:29:43 -0600] [Job 17] End of messages
D [11/May/2011:23:29:43 -0600] [Job 17] printer-state=3(idle)
D [11/May/2011:23:29:43 -0600] [Job 17] printer-state-message="/usr/lib/cups/filter/pdftopdf failed"
D [11/May/2011:23:29:43 -0600] [Job 17] printer-state-reasons=none

the /storage partition is an ext4, with default mount options, home folders were created with mv command as root

kiche · 05-12-2011, 12:36 AM

looks like maybe the cups-pdf isnt being ran as root.... i used apt-get install cups-pdf ... and left the cups-pdf configuration as default (except for the mod in the above post)

kiche · 05-12-2011, 09:29 AM

did a complete reboot of the system, tried lp again as both root and testuser... still got the same error:

Code:

D [12/May/2011:08:24:05 -0600] [Job 18] cups-pdf cannot be called without root p
rivileges!

Anyone know how to get cups-pdf to run at root? ... I've ran chmod against the cups-pdf script in /usr/lib/cups/backend, but that didnt seem to change anything

kiche · 05-12-2011, 01:06 PM

some progress at least!

did

Code:

chmod 700 /usr/lib/cups/backend/cups-pdf

and that got it running as root... and was able to do print to pdf as both root and testuser ...the print jobs went to the /tmp/{USER}/PDF directory as intended... however, when i change the destination back to {HOME}/PDF as it was originally... i'm getting the following error

Code:

Thu May 12 11:58:23 2011  [ERROR] failed to create directory (/home/testuser/PDF)
Thu May 12 11:58:23 2011  [ERROR] failed to create user output directory (/home/testuser/PDF)

do I need to go through all the /home directories and chown them? the testuser is able to create files in his own directory, but apparantly the cups-pdf running as root cannot... when i'm on root, i can create a file in the user's home directory no problem... (although the permissions prevent the user from writing to it)

kiche · 05-12-2011, 01:15 PM

Here is my mount statement in fstab...

Code:

/dev/sda1       /storage        ext4    defaults        0       2

my ls output as follows:

Code:

root@mozart:~# ls -l /home
lrwxrwxrwx 1 root root 13 2011-05-10 19:29 /home -> /storage/home

root@mozart:~# ls -l /storage/home
total 16
drwxrwxrwx 3 testuser      users  4096 2011-05-12 12:05 testuser

root@mozart:~# ls -l /storage
total 24
drwxrwxrwx 6 root root  4096 2011-05-10 19:31 home
drwxrwxrwx 8 root root  4096 2011-05-10 21:53 Shares

anyone see anything wrong?

evo2 · 05-12-2011, 08:13 PM

It could be the symlink for home that is causing the problem. Have you considered setting the users home directories to be /storage/home/foo instead of /home/foo in /etc/passwd?

Evo2.

kiche · 05-12-2011, 08:37 PM

I'll give that a shot... not a lot of users atm, so its not a hard thing to do

kiche · 05-12-2011, 08:39 PM

no change =/

kiche · 05-12-2011, 09:08 PM

k... so i did a userdel on testuser, and recreated the account using the built in /etc/default/useradd script (modified for the new /storage/home directory)... that created the new home folder, and looks like it set 755 permissions (rather than the 777 i had before).... I also ran usermod to add testuser to the sysadmin group again

i also went through and set /storage and /storage/home to 755... just in case that have been the issue.... still no effect... it wont create the PDF folder in the user directory.... Its not giving the root permission error anymore tho... so i'm at a loss as to what could be causing this...

kiche · 05-12-2011, 09:37 PM

bingo!!... apparmor was killin it...

Code:

aa-complain cupsd

did the trick

now to get this pdf printer working through the samba DC....

evo2 · 05-12-2011, 10:35 PM

Quote:

Originally Posted by kiche

bingo!!... apparmor was killin it...

I'd read that apparmor could cause problems, but for some reason I thought you weren't using it.

Glad you got it sorted.

Cheers,

Evo2.

kiche · 05-12-2011, 11:13 PM

still kinda new to linux, and really new to the server side... this project is prolly a bit more than i should be trying to tackle, but its a good learning experience... i havent ran into app armor before... but fortunately i found some good bug reports on the cups-pdf issue

evo2 · 05-12-2011, 11:35 PM

The place I read about apparmor was

Code:

/usr/share/doc/cups-pdf/README.Debian

/usr/share/doc/<package>/README.Debian(.gz) is always the first place I look for information when trying to configure a program.

Cheers,

Evo2.