2.3. Step 3 - Configure CUPS and Samba

Make sure not to publish shared printers in CUPS and Samba. Publishing shared printers creates a loophole by which users can access a printer directly from their workstation and print outside the control of SavaPage.

For Samba, just edit the /etc/samba/smb.conf file and disable the [printers] share definition.

In CUPS, do not enable the Publish shared printers connected to this system option as offered in the Print Server Settings dialog. When no such dialog is available you can make the change in the CUPS Administrator Web interface (Share printers connected to this system), or manually in the cupsd.conf [7] file.

Important

Before editing cupsd.conf, first stop CUPS by entering this command:

sudo service cups stop

When editing cupsd.conf, change this content snippet, which publishes local printers and allows access from all machines on the local network...

# Allow remote access
Port 631

# Share local printers on the local network.
Browsing On

<Location />
  # Allow access to the server...
  Order allow,deny
  Allow @LOCAL
</Location>

... to this snippet, which restricts CUPS access to localhost only ...

# Only listen for connections from the local machine.
Listen localhost:631

# Disable printer sharing.
Browsing Off

<Location />
  Order allow,deny
</Location>

... and leave all other content as it is.
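A check for the change described above, as an added example that is not part of SavaPage or CUPS: it reads cupsd.conf text and reports the directives that expose CUPS beyond the local machine. The function name and the wording of the findings are assumptions of this example; the two sample configurations are the snippets shown above.

```python
import re
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}

def audit_cupsd_conf(text):
    """Return findings for directives that expose CUPS beyond the local machine."""
    findings = []
    location = None  # path of the <Location> block being read, if any
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        opened = re.match(r"<Location\s+(\S+)>$", line, re.I)
        if opened or line.lower() == "</location>":
            location = opened.group(1) if opened else None
            continue
        parts = line.split(None, 1)
        key, value = parts[0].lower(), parts[1] if len(parts) > 1 else ""
        if location is None and key == "port":
            findings.append(f"Port {value}: listens on every interface")
        elif location is None and key == "listen" and not value.startswith("/"):
            host = value.rpartition(":")[0] or value  # strip the :port suffix
            if host.lower() not in LOOPBACK:
                findings.append(f"Listen {value}: not bound to loopback")
        elif location is None and key == "browsing" and value.lower() in ("on", "yes"):
            findings.append("Browsing is enabled: printers are published")
        elif location is not None and key == "allow":
            source = re.sub(r"^from\s+", "", value, flags=re.I)
            if source.lower() not in LOOPBACK:
                findings.append(f"<Location {location}> allows {source}")
    return findings

# Sample input: the "before" and "after" snippets from this section.
SHARED = """Port 631
Browsing On
<Location />
  Order allow,deny
  Allow @LOCAL
</Location>
"""
LOCAL_ONLY = """Listen localhost:631
Browsing Off
<Location />
  Order allow,deny
</Location>
"""

if __name__ == "__main__":
    print(audit_cupsd_conf(SHARED), audit_cupsd_conf(LOCAL_ONLY))
```

The Web Interface configuration in section 2.3.4 deliberately uses Port 631 and Allow @LOCAL, so this check reports it as exposed.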

Important

Each individual proxy candidate CUPS printer must be shared locally so the savapage system account can access it. Enabling the shared option can be done in a printer GUI dialog, in the CUPS Administrator Web interface, or directly in the printers.conf [8] file by setting the Shared Yes option for a printer.

2.3.1. CUPS Remote Printer Browsing

To prevent remote printers that broadcast themselves via DNSSD from being discovered by CUPS and synchronized into SavaPage, edit the cups-browsed.conf [9] file and change it as follows:

BrowseRemoteProtocols none

2.3.2. CUPS Job History

An active SavaPage server captures print job statuses real-time, but when the server is restarted it needs CUPS job history to catch up with the latest statuses. To avoid lost job statuses, CUPS must be told to Preserve job history.

You can set the Job History option in the Print Server Settings dialog (Preserve job history but not files, or optionally Preserve job history (allow reprinting)), in the CUPS Administrator Web Interface (Advanced settings, Retain Metadata : Yes, and optionally Retain Documents : Yes), or manually by changing the cupsd.conf file as follows:

MaxJobs 0
PreserveJobHistory Yes
PreserveJobFiles No

MaxJobs specifies the maximum number of simultaneous jobs that are allowed. Set to 0 to allow an unlimited number of jobs.

PreserveJobHistory specifies whether metadata is preserved after a job is printed. A value of Yes will preserve history, a value of No will not. If a numeric value is specified, history is preserved for the indicated number of seconds after printing. Set to Yes.

PreserveJobFiles specifies whether job files (documents) are preserved after printing. A value of Yes will preserve files, a value of No will not. If a numeric value is specified, files are preserved for the indicated number of seconds after printing. Set this option as you wish, but remember that (spool) files can get big. If you run SavaPage on a host system with limited storage (for instance on a virtual machine), it is better to set this value to No.

2.3.3. CUPS Job Privacy

CUPS makes job-name, job-originating-host-name and job-originating-user-name private by default. This means that personal data are anonymized in the CUPS Web interface, as shown below.

Figure 2.1. CUPS Job Privacy


You can restore the default by changing the JobPrivateValues directive in the cupsd.conf file as follows:

<Policy default>
  JobPrivateValues default

2.3.4. CUPS Web Interface

If you want to use the CUPS Web Interface for administration from all machines on the local network you should adapt cupsd.conf as follows:

# Allow remote access
Port 631

# Disable printer sharing.
Browsing Off

WebInterface Yes

<Location />
  # Allow shared printing...
  Order allow,deny
  Allow @LOCAL
</Location>

<Location /admin>
  Order allow,deny
  Allow @LOCAL
</Location>

<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL
</Location>

2.3.5. CUPS systemd service

The scheduler for CUPS is called cupsd. When run from systemd some systems pass the -l parameter, so cupsd is run on demand by socket and path activation. The advantage of this setup is that CUPS is activated when needed, saving precious boot time and resources, and deactivated again after being idle for a while. This lazy activation scenario is efficient for desktop systems that print occasionally and for which printing is not time critical. However, dedicated print systems like SavaPage, that intensively use IPP to communicate with CUPS, need CUPS to be full-time activated. Therefore the systemd cups.service unit must effectively start cupsd with the -f parameter, so it runs steadily in the foreground.

Check the /lib/systemd/system/cups.service unit: ExecStart must start cupsd with the -f parameter. If not, edit the CUPS service unit with this command:

sudo systemctl edit cups

This launches a text editor for creating the file:

/etc/systemd/system/cups.service.d/override.conf

Add the following lines:

[Service]
ExecStart=
ExecStart=/usr/sbin/cupsd -f

Save the file and close the editor. Usually, after editing a systemd unit file, you need to run the following command for the change to take effect:

sudo systemctl daemon-reload

However, the systemctl edit command automatically did this for you. You can check the effect of the override with this command:

systemctl cat cups.service | grep Exec

... it should show:

ExecStart=/usr/sbin/cupsd -l
ExecStart=
ExecStart=/usr/sbin/cupsd -f 

You can check if /usr/sbin/cupsd -f is active with this command:

systemctl status cups.service

2.3.6. Test CUPS

If you stopped CUPS earlier, you need to start it again with this command:

sudo service cups start

Now you can test whether the CUPS print queues to be used as Proxy Printers work as expected.



[7] On Debian, RHEL and openSUSE systems cupsd.conf is located in the /etc/cups/ directory.

[8] On Debian, RHEL and openSUSE systems printers.conf is located in the /etc/cups/ directory.

[9] On Debian, RHEL and openSUSE systems cups-browsed.conf is located in the /etc/cups/ directory.