CUPS nochmal ganz von vorne...

Post Reply
Message
Author
Utg

CUPS nochmal ganz von vorne...

#1 Post by Utg »

Hallo ihr alle - nicht nur max (DANKE nochmal für deine Mühe!!),

nachdem ich erfolglos versucht habe, meine CUPS-Drucker vernünftig zum Laufen zu bringen bzw. mit "kups" verwaltet laufen zu lassen, habe ich gerade nochmal ganz von vorne angefangen: CUPS deinstalliert und wieder installiert.

Die gute Nachricht: prinzipiell läuft das Ganze, ich kann drucken und auch die Drucker verwalten. Ich habe ein bisschen "kups" im Verdacht, Teil meiner bisherigen Probleme gewesen zu sein, deswegen nutze ich jetzt das CUPS-Web-Interface - ist auch gut. Allerdings besteht jetzt wieder das Problem, weswegen das ganze Übel hier erst richtig angefangen hat: man kann nur als "root" etwas ändern, z. B. Druckaufträge löschen. Das soll bei mir aber jeder Benutzer können. Max hatte mir gesagt, ich müsste in der cupsd.conf die Zeile "SystemGroup sys" durch "SystemGroup users" ersetzen. Das habe ich jetzt getan, es hat aber nicht geholfen.

Weiß hier irgendwer weiter?
Top
Max Huber

Re: CUPS nochmal ganz von vorne...

#2 Post by Max Huber »

So, ich bin wieder da.
Der Eintrag
SystemGroup users
erlaubt allen Benutzern die Mitglied der Gruppe sind die Drucker zu administrieren. Glaub mir!
Teste es folgendermaßen:
- Starte über Browser das Webinterface (http://localhost:631) als normaler Benutzer.
- Versuche einen Drucker zu stoppen
- Als UserId/Passwort gib die des normalen Benutzers ein -> wird nicht funktionieren (nur wennst root+Passwort eingibst funktioniert es).
- Schließe den Browser
- Stoppe cupsd
- Ändere in cupsd.conf "SystemGroup sys" auf "SystemGroup users"
- Starte cupsd
- So, starte nun das Webinerface neu und versuche als normaler Benutzer den Drucker zu stoppen/starten => wird funktionieren!

Ich hoffe das war es jetzt!

max
Top
Max Huber

Re: CUPS nochmal ganz von vorne...

#3 Post by Max Huber »

Vielleicht bist Du nur verwirrt dass eine Abfrage für UserId + Passwort kommt. Dort musst Du dann die UserId und das Passwort des "normalen" Benutzers eingaben (sofern "Systemgroup users" definiert ist). Die Abfrage UserId/Passwort kommt immer, was aber nicht heisst dass Du nur root dort eingeben kannst.

max
Top
Utg

Re: CUPS nochmal ganz von vorne...

#4 Post by Utg »

>Ich hoffe das war es jetzt!<

Ähm... ich fürchte nicht... Ich würde Dir auch WIRKLICH gerne glauben (und dich damit gleichzeitig von meinen nervigen Fragen befreien), aber leider funktioniert die Sache nunmal nicht. Zumindest nicht heute, d. h. nachdem ich CUPS wieder neu installiert habe. Gestern war das anders, WENN da etwas funktionierte, dann bei allen Benutzern.
Aber mit dem neu installierten CUPS...
Ich habe genau das gemacht, was du gesagt hast, und ich habe natürlich auch versucht, meinen normalen Benutzernamen+Kennwort einzugeben, aber dann kommt immer die Meldung "leider war der Authentifizierungsversuch nicht erfolgreich". Nur wenn ich "root"+Kennwort eingebe, klappt's.
Ich frage mich, ob vielleicht bei dem De- und Neuinstallieren irgendwas mit der config-Datei durcheinander gekommen ist, so dass CUPS z. B. eine andere config benutzt als die, in der ich da rumändere. Da gibt es nämlich nicht nur "cupsd.conf", sondern auch noch "cupsd.conf.O" und "cupsd.conf.rpmsave". Außerdem sieht auch die normale cupsd.conf ganz anders aus als vor der Neuinstallation, da sind jetzt zwischen den eigentlichen Skriptzeilen immer noch jede Menge Erklärungen. Vielleicht ist es am einfachsten, wenn ich dir alle drei Dateien schicke (auch wenn das bedeutet, dass da jetzt gleich wieder so'ne Riesenlatte kommt):

1. cupsd.conf:

# CUPS configuration file, generated by CUPS configuration tool.
# This tool is part of KDEPrint, the printing framework for KDE
# since version 2.2.2 and is used by the CUPS supporting module
# in KDEPrint. The predecessors to KDEPrint in former KDE releases
# were KUPS and QtCUPS; they are deprecated and no longer maintained.
#
# Author: Michael Goffioul
#
# Web site: http://printing.kde.org/
#
########################################################################
# #
# This is the CUPS configuration file. If you are familiar with #
# Apache or any of the other popular web servers, we've followed the #
# same format. Any configuration variable used here has the same #
# semantics as the corresponding variable in Apache. If we need #
# different functionality then a different name is used to avoid #
# confusion... #
# #
########################################################################
#

# Server

# ServerName
#
# The hostname of your server, as advertised to the world.
# By default CUPS will use the hostname of the system.
#
# To set the default server used by clients, see the client.conf file.
#
# ex: myhost.domain.com
#
#ServerName myhost.domain.com

ServerName localhost

# ServerAdmin
#
# The email address to send all complaints or problems to.
# By default CUPS will use "root@hostname".
#
# ex: root@myhost.com
#
#ServerAdmin root@your.domain.com

ServerAdmin root@localhost

# Classification
#
# The classification level of the server. If set, this
# classification is displayed on all pages, and raw printing is disabled.
# The default is the empty string.
#
# ex: confidential
#
#Classification classified

Classification none

# ClassifyOverride
#
# Whether to allow users to override the classification
# on printouts. If enabled, users can limit banner pages to before or
# after the job, and can change the classification of a job, but cannot
# completely eliminate the classification or banners.
#
# The default is off.
#
#ClassifyOverride off


# DefaultCharset
#
# The default character set to use. If not specified,
# defaults to utf-8. Note that this can also be overridden in
# HTML documents...
#
# ex: utf-8
#
#DefaultCharset utf-8

DefaultCharset ISO-8859-15

# DefaultLanguage
#
# The default language if not specified by the browser.
# If not specified, the current locale is used.
#
# ex: en
#
#DefaultLanguage en

DefaultLanguage en

# Printcap
#
# The name of the printcap file. Default is no filename.
# Leave blank to disable printcap file generation.
#
# ex: /etc/printcap
#
#Printcap /etc/printcap

Printcap /etc/printcap


PrintcapFormat BSD

# Security

# RemoteRoot
#
# The name of the user assigned to unauthenticated accesses
# from remote systems. By default "remroot".
#
# ex: remroot
#
#RemoteRoot remroot

RemoteRoot remroot

# SystemGroup
#
# The group name for "System" (printer administration)
# access. The default varies depending on the operating system, but
# will be sys, system, or root (checked for in that order).
#
# ex: sys
#
#SystemGroup sys

SystemGroup sys

# ServerCertificate
#
# The file to read containing the server's certificate.
# Defaults to "/etc/cups/ssl/server.crt".
#
# ex: /etc/cups/ssl/server.crt
#
#ServerCertificate /etc/cups/ssl/server.crt

ServerCertificate /etc/cups/ssl/server.crt

# ServerKey
#
# The file to read containing the server's key.
# Defaults to "/etc/cups/ssl/server.key".
#
# ex: /etc/cups/ssl/server.key
#
#ServerKey /etc/cups/ssl/server.key

ServerKey /etc/cups/ssl/server.key

# Access permissions
#
# Access permissions for each directory served by the scheduler.
# Locations are relative to DocumentRoot...
#
# AuthType: the authorization to use:
#
# None - Perform no authentication
# Basic - Perform authentication using the HTTP Basic method.
# Digest - Perform authentication using the HTTP Digest method.
#
# (Note: local certificate authentication can be substituted by
# the client for Basic or Digest when connecting to the
# localhost interface)
#
# AuthClass: the authorization class; currently only Anonymous, User,
# System (valid user belonging to group SystemGroup), and Group
# (valid user belonging to the specified group) are supported.
#
# AuthGroupName: the group name for "Group" authorization.
#
# Order: the order of Allow/Deny processing.
#
# Allow: allows access from the specified hostname, domain, IP address, or
# network.
#
# Deny: denies access from the specified hostname, domain, IP address, or
# network.
#
# Both "Allow" and "Deny" accept the following notations for addresses:
#
# All
# None
# *.domain.com
# .domain.com
# host.domain.com
# nnn.*
# nnn.nnn.*
# nnn.nnn.nnn.*
# nnn.nnn.nnn.nnn
# nnn.nnn.nnn.nnn/mm
# nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
#
# The host and domain address require that you enable hostname lookups
# with "HostNameLookups On" above.
#
# Encryption: whether or not to use encryption; this depends on having
# the OpenSSL library linked into the CUPS library and scheduler.
#
# Possible values:
#
# Always - Always use encryption (SSL)
# Never - Never use encryption
# Required - Use TLS encryption upgrade
# IfRequested - Use encryption if the server requests it
#
# The default value is "IfRequested".
#
#<Location [resource_name]>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#
## Anonymous access (default)
#AuthType None
#
## Require a username and password (Basic authentication)
#AuthType Basic
#AuthClass User
#
## Require a username and password (Digest/MD5 authentication)
#AuthType Digest
#AuthClass User
#
## Restrict access to local domain
#Order Deny,Allow
#Deny From All
#Allow From .mydomain.com
#
## Use encryption if requested
#Encryption IfRequested
#</Location>

<Location />
Encryption IfRequested
Satisfy All
Order deny,allow
Deny From All
Allow From 127.0.0.1
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Encryption IfRequested
Satisfy All
Order deny,allow
Deny From All
Allow From 127.0.0.1
</Location>

# Network

# HostNameLookups
#
# Whether or not to do lookups on IP addresses to get a
# fully-qualified hostname. This defaults to Off for performance reasons...
#
# ex: On
#
#HostNameLookups On

HostnameLookups Off

# KeepAlive
#
# Whether or not to support the Keep-Alive connection
# option. Default is on.
#
# ex: On
#
#KeepAlive On

KeepAlive On

# KeepAliveTimeout
#
# The timeout (in seconds) before Keep-Alive connections are
# automatically closed. Default is 60 seconds.
#
# ex: 60
#
#KeepAliveTimeout 60

KeepAliveTimeout 60

# MaxClients
#
# Controls the maximum number of simultaneous clients that
# will be handled. Defaults to 100.
#
# ex: 100
#
#MaxClients 100

MaxClients 100

# MaxRequestSize
#
# Controls the maximum size of HTTP requests and print files.
# Set to 0 to disable this feature (defaults to 0).
#
# ex: 0
#
#MaxRequestSize 0

MaxRequestSize 0m

# Timeout
#
# The timeout (in seconds) before requests time out. Default is 300 seconds.
#
# ex: 300
#
#Timeout 300

Timeout 300

# Ports/Addresses
#
# Ports/addresses that we listen to. The default port 631 is reserved
# for the Internet Printing Protocol (IPP) and is what we use here.
#
# You can have multiple Port/Listen lines to listen to more than one
# port or address, or to restrict access.
#
# NOTE: Unfortunately, most web browsers don't support TLS or HTTP Upgrades
# for encryption. If you want to support web-based encryption you'll
# probably need to listen on port 443 (the "https" port...).
#
# ex: 631, myhost:80, 1.2.3.4:631
#
# Port 80
# Port 631
# Listen hostname
# Listen hostname:80
# Listen hostname:631
# Listen 1.2.3.4
# Listen 1.2.3.4:631
#
#Port 631

Listen *:631

# Log

# AccessLog
#
# The access log file; if this does not start with a leading /
# then it is assumed to be relative to ServerRoot. By default set to
# "/var/log/cups/access_log".
#
# You can also use the special name syslog to send the output to the
# syslog file or daemon.
#
# ex: /var/log/cups/acces_log
#
#AccessLog /var/log/cups/access_log

AccessLog /var/log/cups/access_log

# ErrorLog
#
# The error log file; if this does not start with a leading /
# then it is assumed to be relative to ServerRoot. By default set to
# "/var/log/cups/error_log".
#
# You can also use the special name syslog to send the output to the
# syslog file or daemon.
#
# ex: /var/log/cups/error_log
#
#ErrorLog /var/log/cups/error_log

ErrorLog /var/log/cups/error_log

# PageLog
#
# The page log file; if this does not start with a leading /
# then it is assumed to be relative to ServerRoot. By default set to
# "/var/log/cups/page_log".
#
# You can also use the special name syslog to send the output to the
# syslog file or daemon.
#
# ex: /var/log/cups/page_log
#
#PageLog /var/log/cups/page_log

PageLog /var/log/cups/page_log

# MaxLogSize
#
# Controls the maximum size of each log file before they are
# rotated. Defaults to 1048576 (1MB). Set to 0 to disable log rotating.
#
# ex: 1048576
#
#MaxLogSize 0

MaxLogSize 0m

# LogLevel
#
# Controls the number of messages logged to the ErrorLog
# file and can be one of the following:
#
# debug2: Log everything.
# debug: Log almost everything.
# info: Log all requests and state changes.
# warn: Log errors and warnings.
# error: Log only errors.
# none: Log nothing.
#
# ex: info
#
#LogLevel info

LogLevel info

# Jobs

# PreserveJobHistory
#
# Whether or not to preserve the job history after a
# job is completed, cancelled, or stopped. Default is Yes.
#
# ex: Yes
#
#PreserveJobHistory Yes

PreserveJobHistory On

# PreserveJobFiles
#
# Whether or not to preserve the job files after a
# job is completed, cancelled, or stopped. Default is No.
#
# ex: No
#
#PreserveJobFiles No

PreserveJobFiles Off

# AutoPurgeJobs
#
# Automatically purge jobs when not needed for quotas.
# Default is No.
#
#AutoPurgeJobs No

AutoPurgeJobs No

# MaxJobs
#
# Maximum number of jobs to keep in memory (active and completed.)
# Default is 0 (no limit.)
#
#MaxJobs 0

MaxJobs 0

# MaxJobsPerPrinter
#
# The MaxJobsPerPrinter directive controls the maximum number of active
# jobs that are allowed for each printer or class. Once a printer or class
# reaches the limit, new jobs will be rejected until one of the active jobs
# is completed, stopped, aborted, or cancelled.
#
# Setting the maximum to 0 disables this functionality.
# Default is 0 (no limit.)
#
#
#MaxJobsPerPrinter 0

MaxJobsPerPrinter 0

# MaxJobsPerUser
#
# The MaxJobsPerUser directive controls the maximum number of active
# jobs that are allowed for each user. Once a user reaches the limit, new
# jobs will be rejected until one of the active jobs is completed, stopped,
# aborted, or cancelled.
#
# Setting the maximum to 0 disables this functionality.
# Default is 0 (no limit.)
#
#
#MaxJobsPerUser 0

MaxJobsPerUser 0

# Filter

# User
#
# The user the server runs under. Normally this
# must be lp, however you can configure things for another user
# as needed.
#
# Note: the server must be run initially as root to support the
# default IPP port of 631. It changes users whenever an external
# program is run...
#
# ex: lp
#
#User lp

User lp

# Group
#
# The group the server runs under. Normally this
# must be sys, however you can configure things for another
# group as needed.
#
# ex: sys
#
#Group sys

Group sys

# RIPCache
#
# The amount of memory that each RIP should use to cache
# bitmaps. The value can be any real number followed by "k" for
# kilobytes, "m" for megabytes, "g" for gigabytes, or "t" for tiles
# (1 tile = 256x256 pixels.) Defaults to "8m" (8 megabytes).
#
# ex: 8m
#
#RIPCache 8m

RIPCache 8m

# FilterLimit
#
# Sets the maximum cost of all job filters that can be run
# at the same time. A limit of 0 means no limit. A typical job may need
# a filter limit of at least 200; limits less than the minimum required
# by a job force a single job to be printed at any time.
#
# The default limit is 0 (unlimited).
#
# ex: 200
#
#FilterLimit 0

FilterLimit 0

# Directories

# DataDir
#
# The root directory for the CUPS data files.
# By default /usr/share/cups.
#
# ex: /usr/share/cups
#
#DataDir /usr/share/cups

DataDir /usr/share/cups

# DocumentRoot
#
# The root directory for HTTP documents that are served.
# By default the compiled in directory.
#
# ex: /usr/share/cups/doc
#
#DocumentRoot /usr/share/cups/doc

DocumentRoot /usr/share/cups/doc/

# FontPath
#
# The path to locate all font files (currently only for pstoraster)
# By default /usr/share/cups/fonts.
#
# ex: /usr/share/cups/fonts
#
#FontPath /usr/share/cups/fonts


# RequestRoot
#
# The directory where request files are stored.
# By default /var/spool/cups.
#
# ex: /var/spool/cups
#
#RequestRoot /var/spool/cups

RequestRoot /var/spool/cups

# ServerBin
#
# The root directory for the scheduler executables.
# By default /usr/lib/cups or /usr/lib32/cups (IRIX 6.5).
#
# ex: /usr/bin/cups
#
#ServerBin /usr/lib/cups

ServerBin /usr/lib/cups

# ServerRoot
#
# The root directory for the scheduler.
# By default /etc/cups.
#
# ex: /etc/cups
#
#ServerRoot /etc/cups

ServerRoot /etc/cups

# TempDir
#
# The directory to put temporary files in. This directory must be
# writable by the user defined above! Defaults to "/var/spool/cups/tmp" or
# the value of the TMPDIR environment variable.
#
# ex: /var/spool/cups/tmp
#
#TempDir /var/spool/cups/tmp

TempDir /var/spool/cups/tmp

# Browsing

# Browsing
#
# Whether or not to listen to printer
# information from other CUPS servers.
#
#
# Enabled by default.
#
#
# NOTE: to enable the sending of browsing
# information from this CUPS server to the LAN,
# specify a valid BrowseAdress.
#
#
# ex: On
#
#Browsing On

Browsing On

# BrowseProtocols
#
# Which protocols to use for browsing. Can be
# any of the following separated by whitespace and/or commas:
#
# all - Use all supported protocols.
# cups - Use the CUPS browse protocol.
# slp - Use the SLPv2 protocol.
#
# The default is cups.
#
# NOTE: If you choose to use SLPv2, it is strongly recommended that
# you have at least one SLP Directory Agent (DA) on your
# network. Otherwise, browse updates can take several seconds,
# during which the scheduler will not response to client
# requests.
#
#BrowseProtocols cups

BrowseProtocols CUPS

# BrowsePort
#
# The port used for UDP broadcasts. By default this is
# the IPP port; if you change this you need to do it on all servers.
# Only one BrowsePort is recognized.
#
# ex: 631
#
#BrowsePort 631

BrowsePort 631

# BrowseInterval
#
# The time between browsing updates in seconds. Default
# is 30 seconds.
#
# Note that browsing information is sent whenever a printer's state changes
# as well, so this represents the maximum time between updates.
#
# Set this to 0 to disable outgoing broadcasts so your local printers are
# not advertised but you can still see printers on other hosts.
#
# ex: 30
#
#BrowseInterval 30

BrowseInterval 30

# BrowseTimeout
#
# The timeout (in seconds) for network printers - if we don't
# get an update within this time the printer will be removed
# from the printer list. This number definitely should not be
# less the BrowseInterval value for obvious reasons. Defaults
# to 300 seconds.
#
# ex: 300
#
#BrowseTimeout 300

BrowseTimeout 300

# BrowseAddress
#
# Specifies a broadcast address to be used. By
# default browsing information is broadcast to all active interfaces.
#
# Note: HP-UX 10.20 and earlier do not properly handle broadcast unless
# you have a Class A, B, C, or D netmask (i.e. no CIDR support).
#
# ex: x.y.z.255, x.y.255.255
#
#BrowseAddress x.y.z.255
#BrowseAddress x.y.255.255
#BrowseAddress x.255.255.255


# BrowseOrder
#
# Specifies the order of BrowseAllow/BrowseDeny comparisons.
#
# ex: allow,deny
#
#BrowseOrder allow,deny
#BrowseOrder deny,allow

BrowseOrder allow,deny

# ImplicitClasses
#
# Whether or not to use implicit classes.
#
# Printer classes can be specified explicitly in the classes.conf
# file, implicitly based upon the printers available on the LAN, or
# both.
#
# When ImplicitClasses is On, printers on the LAN with the same name
# (e.g. Acme-LaserPrint-1000) will be put into a class with the same
# name. This allows you to setup multiple redundant queues on a LAN
# without a lot of administrative difficulties. If a user sends a
# job to Acme-LaserPrint-1000, the job will go to the first available
# queue.
#
# Enabled by default.
#
#ImplicitClasses Off

ImplicitClasses On

# ImplicitAnyClasses
#
# Whether or not to create AnyPrinter implicit
# classes.
#
# When ImplicitAnyClasses is On and a local queue of the same name
# exists, e.g. "printer", "printer@server1", "printer@server1", then
# an implicit class called "Anyprinter" is created instead.
#
# When ImplicitAnyClasses is Off, implicit classes are not created
# when there is a local queue of the same name.
#
# Disabled by default.
#
#ImplicitAnyCLasses Off

ImplicitAnyClasses Off

# HideImplicitMembers
#
# Whether or not to show the members of an
# implicit class.
#
# When HideImplicitMembers is On, any remote printers that are
# part of an implicit class are hidden from the user, who will
# then only see a single queue even though many queues will be
# supporting the implicit class.
#
# Enabled by default.
#
#HideImplicitMembers On

HideImplicitMembers Yes

# BrowseShortNames
#
# Whether or not to use "short" names for remote printers
# when possible (e.g. "printer" instead of "printer@host"). Enabled by
# default.
#
# ex: Yes
#
#BrowseShortNames Yes

BrowseShortNames Yes

# Unknown



2. cupsd.conf.O:

# CUPS configuration file, generated by CUPS configuration tool.
# This tool is part of KDEPrint, the printing framework for KDE
# since version 2.2.2 and is used by the CUPS supporting module
# in KDEPrint. The predecessors to KDEPrint in former KDE releases
# were KUPS and QtCUPS; they are deprecated and no longer maintained.
#
# Author: Michael Goffioul
#
# Web site: http://printing.kde.org/
#
########################################################################
# #
# This is the CUPS configuration file. If you are familiar with #
# Apache or any of the other popular web servers, we've followed the #
# same format. Any configuration variable used here has the same #
# semantics as the corresponding variable in Apache. If we need #
# different functionality then a different name is used to avoid #
# confusion... #
# #
########################################################################
#

# Server

# ServerName
#
# The hostname of your server, as advertised to the world.
# By default CUPS will use the hostname of the system.
#
# To set the default server used by clients, see the client.conf file.
#
# ex: myhost.domain.com
#
#ServerName myhost.domain.com

ServerName localhost

# ServerAdmin
#
# The email address to send all complaints or problems to.
# By default CUPS will use "root@hostname".
#
# ex: root@myhost.com
#
#ServerAdmin root@your.domain.com

ServerAdmin root@localhost

# Classification
#
# The classification level of the server. If set, this
# classification is displayed on all pages, and raw printing is disabled.
# The default is the empty string.
#
# ex: confidential
#
#Classification classified

Classification none

# ClassifyOverride
#
# Whether to allow users to override the classification
# on printouts. If enabled, users can limit banner pages to before or
# after the job, and can change the classification of a job, but cannot
# completely eliminate the classification or banners.
#
# The default is off.
#
#ClassifyOverride off


# DefaultCharset
#
# The default character set to use. If not specified,
# defaults to utf-8. Note that this can also be overridden in
# HTML documents...
#
# ex: utf-8
#
#DefaultCharset utf-8

DefaultCharset ISO-8859-15

# DefaultLanguage
#
# The default language if not specified by the browser.
# If not specified, the current locale is used.
#
# ex: en
#
#DefaultLanguage en

DefaultLanguage en

# Printcap
#
# The name of the printcap file. Default is no filename.
# Leave blank to disable printcap file generation.
#
# ex: /etc/printcap
#
#Printcap /etc/printcap

Printcap /etc/printcap


PrintcapFormat BSD

# Security

# RemoteRoot
#
# The name of the user assigned to unauthenticated accesses
# from remote systems. By default "remroot".
#
# ex: remroot
#
#RemoteRoot remroot

RemoteRoot remroot

# SystemGroup
#
# The group name for "System" (printer administration)
# access. The default varies depending on the operating system, but
# will be sys, system, or root (checked for in that order).
#
# ex: sys
#
#SystemGroup sys

SystemGroup sys

# ServerCertificate
#
# The file to read containing the server's certificate.
# Defaults to "/etc/cups/ssl/server.crt".
#
# ex: /etc/cups/ssl/server.crt
#
#ServerCertificate /etc/cups/ssl/server.crt

ServerCertificate /etc/cups/ssl/server.crt

# ServerKey
#
# The file to read containing the server's key.
# Defaults to "/etc/cups/ssl/server.key".
#
# ex: /etc/cups/ssl/server.key
#
#ServerKey /etc/cups/ssl/server.key

ServerKey /etc/cups/ssl/server.key

# Access permissions
#
# Access permissions for each directory served by the scheduler.
# Locations are relative to DocumentRoot...
#
# AuthType: the authorization to use:
#
# None - Perform no authentication
# Basic - Perform authentication using the HTTP Basic method.
# Digest - Perform authentication using the HTTP Digest method.
#
# (Note: local certificate authentication can be substituted by
# the client for Basic or Digest when connecting to the
# localhost interface)
#
# AuthClass: the authorization class; currently only Anonymous, User,
# System (valid user belonging to group SystemGroup), and Group
# (valid user belonging to the specified group) are supported.
#
# AuthGroupName: the group name for "Group" authorization.
#
# Order: the order of Allow/Deny processing.
#
# Allow: allows access from the specified hostname, domain, IP address, or
# network.
#
# Deny: denies access from the specified hostname, domain, IP address, or
# network.
#
# Both "Allow" and "Deny" accept the following notations for addresses:
#
# All
# None
# *.domain.com
# .domain.com
# host.domain.com
# nnn.*
# nnn.nnn.*
# nnn.nnn.nnn.*
# nnn.nnn.nnn.nnn
# nnn.nnn.nnn.nnn/mm
# nnn.nnn.nnn.nnn/mmm.mmm.mmm.mmm
#
# The host and domain address require that you enable hostname lookups
# with "HostNameLookups On" above.
#
# Encryption: whether or not to use encryption; this depends on having
# the OpenSSL library linked into the CUPS library and scheduler.
#
# Possible values:
#
# Always - Always use encryption (SSL)
# Never - Never use encryption
# Required - Use TLS encryption upgrade
# IfRequested - Use encryption if the server requests it
#
# The default value is "IfRequested".
#
#<Location [resource_name]>
#
# You may wish to limit access to printers and classes, either with Allow
# and Deny lines, or by requiring a username and password.
#
#
## Anonymous access (default)
#AuthType None
#
## Require a username and password (Basic authentication)
#AuthType Basic
#AuthClass User
#
## Require a username and password (Digest/MD5 authentication)
#AuthType Digest
#AuthClass User
#
## Restrict access to local domain
#Order Deny,Allow
#Deny From All
#Allow From .mydomain.com
#
## Use encryption if requested
#Encryption IfRequested
#</Location>

<Location />
Encryption IfRequested
Satisfy All
Order deny,allow
Deny From All
Allow From 127.0.0.1
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Encryption IfRequested
Satisfy All
Order deny,allow
Deny From All
Allow From 127.0.0.1
</Location>

# Network

# HostNameLookups
#
# Whether or not to do lookups on IP addresses to get a
# fully-qualified hostname. This defaults to Off for performance reasons...
#
# ex: On
#
#HostNameLookups On

HostnameLookups Off

# KeepAlive
#
# Whether or not to support the Keep-Alive connection
# option. Default is on.
#
# ex: On
#
#KeepAlive On

KeepAlive On

# KeepAliveTimeout
#
# The timeout (in seconds) before Keep-Alive connections are
# automatically closed. Default is 60 seconds.
#
# ex: 60
#
#KeepAliveTimeout 60

KeepAliveTimeout 60

# MaxClients
#
# Controls the maximum number of simultaneous clients that
# will be handled. Defaults to 100.
#
# ex: 100
#
#MaxClients 100

MaxClients 100

# MaxRequestSize
#
# Controls the maximum size of HTTP requests and print files.
# Set to 0 to disable this feature (defaults to 0).
#
# ex: 0
#
#MaxRequestSize 0

MaxRequestSize 0m

# Timeout
#
# The timeout (in seconds) before requests time out. Default is 300 seconds.
#
# ex: 300
#
#Timeout 300

Timeout 300

# Ports/Addresses
#
# Ports/addresses that we listen to. The default port 631 is reserved
# for the Internet Printing Protocol (IPP) and is what we use here.
#
# You can have multiple Port/Listen lines to listen to more than one
# port or address, or to restrict access.
#
# NOTE: Unfortunately, most web browsers don't support TLS or HTTP Upgrades
# for encryption. If you want to support web-based encryption you'll
# probably need to listen on port 443 (the "https" port...).
#
# ex: 631, myhost:80, 1.2.3.4:631
#
# Port 80
# Port 631
# Listen hostname
# Listen hostname:80
# Listen hostname:631
# Listen 1.2.3.4
# Listen 1.2.3.4:631
#
#Port 631

Listen *:631

# Log

# AccessLog
#
# The access log file; if this does not start with a leading /
# then it is assumed to be relative to ServerRoot. By default set to
# "/var/log/cups/access_log".
#
# You can also use the special name syslog to send the output to the
# syslog file or daemon.
#
# ex: /var/log/cups/acces_log
#
#AccessLog /var/log/cups/access_log

AccessLog /var/log/cups/access_log

# ErrorLog
#
# The error log file; if this does not start with a leading /
# then it is assumed to be relative to ServerRoot. By default set to
# "/var/log/cups/error_log".
#
# You can also use the special name syslog to send the output to the
# syslog file or daemon.
#
# ex: /var/log/cups/error_log
#
#ErrorLog /var/log/cups/error_log

ErrorLog /var/log/cups/error_log

# PageLog
#
# The page log file; if this does not start with a leading /
# then it is assumed to be relative to ServerRoot. By default set to
# "/var/log/cups/page_log".
#
# You can also use the special name syslog to send the output to the
# syslog file or daemon.
#
# ex: /var/log/cups/page_log
#
#PageLog /var/log/cups/page_log

PageLog /var/log/cups/page_log

# MaxLogSize
#
# Controls the maximum size of each log file before they are
# rotated. Defaults to 1048576 (1MB). Set to 0 to disable log rotating.
#
# ex: 1048576
#
#MaxLogSize 0

MaxLogSize 0m

# LogLevel
#
# Controls the number of messages logged to the ErrorLog
# file and can be one of the following:
#
# debug2: Log everything.
# debug: Log almost everything.
# info: Log all requests and state changes.
# warn: Log errors and warnings.
# error: Log only errors.
# none: Log nothing.
#
# ex: info
#
#LogLevel info

LogLevel info

# Jobs

# PreserveJobHistory
#
# Whether or not to preserve the job history after a
# job is completed, cancelled, or stopped. Default is Yes.
#
# ex: Yes
#
#PreserveJobHistory Yes

PreserveJobHistory On

# PreserveJobFiles
#
# Whether or not to preserve the job files after a
# job is completed, cancelled, or stopped. Default is No.
#
# ex: No
#
#PreserveJobFiles No

PreserveJobFiles Off

# AutoPurgeJobs
#
# Automatically purge jobs when not needed for quotas.
# Default is No.
#
#AutoPurgeJobs No

AutoPurgeJobs No

# MaxJobs
#
# Maximum number of jobs to keep in memory (active and completed.)
# Default is 0 (no limit.)
#
#MaxJobs 0

MaxJobs 0

# MaxJobsPerPrinter
#
# The MaxJobsPerPrinter directive controls the maximum number of active
# jobs that are allowed for each printer or class. Once a printer or class
# reaches the limit, new jobs will be rejected until one of the active jobs
# is completed, stopped, aborted, or cancelled.
#
# Setting the maximum to 0 disables this functionality.
# Default is 0 (no limit.)
#
#
#MaxJobsPerPrinter 0

MaxJobsPerPrinter 0

# MaxJobsPerUser
#
# The MaxJobsPerUser directive controls the maximum number of active
# jobs that are allowed for each user. Once a user reaches the limit, new
# jobs will be rejected until one of the active jobs is completed, stopped,
# aborted, or cancelled.
#
# Setting the maximum to 0 disables this functionality.
# Default is 0 (no limit.)
#
#
#MaxJobsPerUser 0

MaxJobsPerUser 0

# Filter

# User
#
# The user the server runs under. Normally this
# must be lp, however you can configure things for another user
# as needed.
#
# Note: the server must be run initially as root to support the
# default IPP port of 631. It changes users whenever an external
# program is run...
#
# ex: lp
#
#User lp

User lp

# Group
#
# The group the server runs under. Normally this
# must be sys, however you can configure things for another
# group as needed.
#
# ex: sys
#
#Group sys

Group sys

# RIPCache
#
# The amount of memory that each RIP should use to cache
# bitmaps. The value can be any real number followed by "k" for
# kilobytes, "m" for megabytes, "g" for gigabytes, or "t" for tiles
# (1 tile = 256x256 pixels.) Defaults to "8m" (8 megabytes).
#
# ex: 8m
#
#RIPCache 8m

RIPCache 8m

# FilterLimit
#
# Sets the maximum cost of all job filters that can be run
# at the same time. A limit of 0 means no limit. A typical job may need
# a filter limit of at least 200; limits less than the minimum required
# by a job force a single job to be printed at any time.
#
# The default limit is 0 (unlimited).
#
# ex: 200
#
#FilterLimit 0

FilterLimit 0

# Directories

# DataDir
#
# The root directory for the CUPS data files.
# By default /usr/share/cups.
#
# ex: /usr/share/cups
#
#DataDir /usr/share/cups

DataDir /usr/share/cups

# DocumentRoot
#
# The root directory for HTTP documents that are served.
# By default the compiled in directory.
#
# ex: /usr/share/cups/doc
#
#DocumentRoot /usr/share/cups/doc

DocumentRoot /usr/share/cups/doc/

# FontPath
#
# The path to locate all font files (currently only for pstoraster)
# By default /usr/share/cups/fonts.
#
# ex: /usr/share/cups/fonts
#
#FontPath /usr/share/cups/fonts


# RequestRoot
#
# The directory where request files are stored.
# By default /var/spool/cups.
#
# ex: /var/spool/cups
#
#RequestRoot /var/spool/cups

RequestRoot /var/spool/cups

# ServerBin
#
# The root directory for the scheduler executables.
# By default /usr/lib/cups or /usr/lib32/cups (IRIX 6.5).
#
# ex: /usr/bin/cups
#
#ServerBin /usr/lib/cups

ServerBin /usr/lib/cups

# ServerRoot
#
# The root directory for the scheduler.
# By default /etc/cups.
#
# ex: /etc/cups
#
#ServerRoot /etc/cups

ServerRoot /etc/cups

# TempDir
#
# The directory to put temporary files in. This directory must be
# writable by the user defined above! Defaults to "/var/spool/cups/tmp" or
# the value of the TMPDIR environment variable.
#
# ex: /var/spool/cups/tmp
#
#TempDir /var/spool/cups/tmp

TempDir /var/spool/cups/tmp

# Browsing

# Browsing
#
# Whether or not to listen to printer
# information from other CUPS servers.
#
#
# Enabled by default.
#
#
# NOTE: to enable the sending of browsing
# information from this CUPS server to the LAN,
# specify a valid BrowseAdress.
#
#
# ex: On
#
#Browsing On

Browsing On

# BrowseProtocols
#
# Which protocols to use for browsing. Can be
# any of the following separated by whitespace and/or commas:
#
# all - Use all supported protocols.
# cups - Use the CUPS browse protocol.
# slp - Use the SLPv2 protocol.
#
# The default is cups.
#
# NOTE: If you choose to use SLPv2, it is strongly recommended that
# you have at least one SLP Directory Agent (DA) on your
# network. Otherwise, browse updates can take several seconds,
# during which the scheduler will not response to client
# requests.
#
#BrowseProtocols cups

BrowseProtocols CUPS

# BrowsePort
#
# The port used for UDP broadcasts. By default this is
# the IPP port; if you change this you need to do it on all servers.
# Only one BrowsePort is recognized.
#
# ex: 631
#
#BrowsePort 631

BrowsePort 631

# BrowseInterval
#
# The time between browsing updates in seconds. Default
# is 30 seconds.
#
# Note that browsing information is sent whenever a printer's state changes
# as well, so this represents the maximum time between updates.
#
# Set this to 0 to disable outgoing broadcasts so your local printers are
# not advertised but you can still see printers on other hosts.
#
# ex: 30
#
#BrowseInterval 30

BrowseInterval 30

# BrowseTimeout
#
# The timeout (in seconds) for network printers - if we don't
# get an update within this time the printer will be removed
# from the printer list. This number definitely should not be
# less the BrowseInterval value for obvious reasons. Defaults
# to 300 seconds.
#
# ex: 300
#
#BrowseTimeout 300

BrowseTimeout 300

# BrowseAddress
#
# Specifies a broadcast address to be used. By
# default browsing information is broadcast to all active interfaces.
#
# Note: HP-UX 10.20 and earlier do not properly handle broadcast unless
# you have a Class A, B, C, or D netmask (i.e. no CIDR support).
#
# ex: x.y.z.255, x.y.255.255
#
#BrowseAddress x.y.z.255
#BrowseAddress x.y.255.255
#BrowseAddress x.255.255.255


# BrowseOrder
#
# Specifies the order of BrowseAllow/BrowseDeny comparisons.
#
# ex: allow,deny
#
#BrowseOrder allow,deny
#BrowseOrder deny,allow

BrowseOrder allow,deny

# ImplicitClasses
#
# Whether or not to use implicit classes.
#
# Printer classes can be specified explicitly in the classes.conf
# file, implicitly based upon the printers available on the LAN, or
# both.
#
# When ImplicitClasses is On, printers on the LAN with the same name
# (e.g. Acme-LaserPrint-1000) will be put into a class with the same
# name. This allows you to setup multiple redundant queues on a LAN
# without a lot of administrative difficulties. If a user sends a
# job to Acme-LaserPrint-1000, the job will go to the first available
# queue.
#
# Enabled by default.
#
#ImplicitClasses Off

ImplicitClasses On

# ImplicitAnyClasses
#
# Whether or not to create AnyPrinter implicit
# classes.
#
# When ImplicitAnyClasses is On and a local queue of the same name
# exists, e.g. "printer", "printer@server1", "printer@server1", then
# an implicit class called "Anyprinter" is created instead.
#
# When ImplicitAnyClasses is Off, implicit classes are not created
# when there is a local queue of the same name.
#
# Disabled by default.
#
#ImplicitAnyCLasses Off

ImplicitAnyClasses Off

# HideImplicitMembers
#
# Whether or not to show the members of an
# implicit class.
#
# When HideImplicitMembers is On, any remote printers that are
# part of an implicit class are hidden from the user, who will
# then only see a single queue even though many queues will be
# supporting the implicit class.
#
# Enabled by default.
#
#HideImplicitMembers On

HideImplicitMembers Yes

# BrowseShortNames
#
# Whether or not to use "short" names for remote printers
# when possible (e.g. "printer" instead of "printer@host"). Enabled by
# default.
#
# ex: Yes
#
#BrowseShortNames Yes

BrowseShortNames Yes

# Unknown




3. cupsd.conf.rpmsave:

DocumentRoot /usr/share/cups/doc/
LogLevel info
Port 631
<Location />
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>
<Location /admin>
AuthType Basic
AuthClass System
Order Deny,Allow
Deny From All
Allow From 127.0.0.1
</Location>

(Das scheint jawohl "deine" Version zu sein)


Hilft dir das?
Top
Utg

Re: CUPS nochmal ganz von vorne...

#5 Post by Utg »

Hmm, und das "root"-Problem ist anscheinend auch nicht ganz das einzige:

Ich wollte gerade als "root" die Konfiguration eines Druckers ändern. Beim Klicken auf "Conifgure printer" kamen auch die Konfigurationseinstellungen, aber wenn ich dann auf "Continue" geklickt habe, kam

"Beim Laden von http://localhost:631/admin ist folgender Fehler aufgetreten:


Unknown Authorization method!"

Also langsam glaube ich, dieses blöde CUPS will einfach nicht für mich drucken!!
Top
Max Huber

Re: CUPS nochmal ganz von vorne...

#6 Post by Max Huber »

Ich habe nun Deine cupsd.conf (die 1., die beiden anderen sind nur Backups) bei mir in Verwendung und nur den Parameter "SystemGrups users" konfiguriert und es funktioniert (Webinterface - Printers - Modify Printers, Start/Stop, Cancel Jobs,...).
Nach Änderungen an der cupsd.conf stoppst und startest den cupsd schon neu!?

Was Du noch testen solltest (zugegeben, ist ein schwacher Versuch!): Schau mal in der Datei /etc/group nach, ob bei der Gruppe users Deine Benutzer eingetragen sind. Sollte so aussehen (Beispiel: 2 Benutzer namens max und mimi existieren):
users:x:100:max,mimi
Wenn nicht, dann trage sie dort ein (mit Komma getrennt). Deine Benutzer natürlich und max und mimi! <img src="http://www.pl-forum.de/UltraBoard/Images/Happy.gif" border="0" align="middle">
Restart cupsd und dann testen.


Sonst fällt mir im Moment auch nicht mehr viel ein wieso es bei Dir nicht funktionert. Aber eines probiere schon noch:
Lege eine neue Gruppe an (z.B. "prtadmin") und trage den normalen Benutzer als Mitglied dieser Gruppe ein. In der cupsd.conf verwende dann "SystemGroup prtadmin".

max
Top
Utg

Re: CUPS nochmal ganz von vorne...

#7 Post by Utg »

Tja, dann sind wir wohl mit unserem Latein am Ende...

Ja, ich habe cupsd immer brav gestoppt und neu gestartet, ja, ich hatte schon nachgesehen, ob auch tatsächlich alle Benutzer in der Gruppe "users" sind, und ja, ich war sogar selbst (!) schon auf die Idee gekommen, eine neue Gruppe anzulegen und bei "SystemGroup" einzutragen. Wie Du in meiner config sehen kannst, heißt die bei mir "printer".

Also wenn Dir jetzt wirklich nichts mehr einfällt (was mich nicht wundern würde, schließlich hast Du mich schon eine GANZE MENGE ausprobieren lassen): Trotzdem nochmal DANKE!! Du hast Dir echt wahnsinnig Mühe mit mir gegeben!
Und ein bisschen weiter als am Anfang bin ich jetzt ja auch: die Drucker laufen, immerhin kann ich als "root" das meiste machen (z. B. Drucker starten/anhalten, Druckaufträge löschen...) - und außerdem habe ich ein bisschen mehr Einblick in mein System bekommen und festgestellt, dass es hier echt nette Leute gibt, die viele Stunden ihrer kostbaren Zeit opfern, um einem Computerdeppen wie mir zu helfen <img src="http://www.pl-forum.de/UltraBoard/Images/Happy.gif" border="0" align="middle">
Top
Utg

Re: CUPS nochmal ganz von vorne...

#8 Post by Utg »

...was natürlich nicht heißen soll, dass jemand, der noch eine Idee hat, wie ich meine Probleme doch noch beheben könnte, sich nicht melden soll...
Top
Utg

Re: CUPS nochmal ganz von vorne...

#9 Post by Utg »

Hmm, man soll ja den Tag nicht vor dem Abend loben, deshalb werde ich jetzt nicht in Jubel ausbrechen, aber:

Ich glaub', ich hab's!!

Und zwar hab' ich jetzt nochmal in Ruhe die ganze cupsd.conf samt Erklärungen durchgesehen und den Eintrag "AuthClass System" in "AuthClass User" geändert. Außerdem habe ich gesehen, dass in der Datei client.conf nicht nur ein Eintrag "Encryption" war, sondern gleich vier, und zwar jeder mit einem anderen Parameter. Das sah dann ungefähr so aus:

Encryption Always
Encryption Never
Encryption Required
Encryption IfRequested

Das schien mir doch ziemlich unsinnig, deshalb habe ich alle Einträge außer "Encryption IfRequested" gelöscht.

Tja, und ich weiß nicht, an welcher Maßnahme es nun liegt, aber es sieht so aus, als würde jetzt alles so funktionieren, wie ich mir das vorstelle! Sogar nach einem Neustart des Rechners!
Sollten die Probleme damit wirklich gelöst sein, muss ich sagen: Nochmal EXTRA DANKE, Max!! Diesmal nochmal besonders für den "Einblick in mein System".

Aber ich wollte doch eigentlich nicht in Jubel ausbrechen, sonst bestraft mich CUPS bestimmt sofort.
Top
Post Reply

Return to “Sonstiges”