2.3. Step 3 - Configure CUPS and Samba

Make sure to not publish shared printers in CUPS and Samba. Publishing shared printers creates a loophole by which users can access a printer directly from their workstation and print outside the control of SavaPage.

For Samba, just edit the /etc/samba/smb.conf file and disable the [printers] share definition.

In CUPS, do not enable the Publish shared printers connected to this system option as offered in the Print Server Settings dialog. When no such dialog is available you can make the adaption in the CUPS Administrator Web interface (Share printers connected to this system), or manually in the cupsd.conf [6]file.


Before editing cupsd.conf first stop CUPS by entering this command:

sudo systemctl stop cups.service

When editing cupsd.conf change this content snippet, that publishes local printers and allows access from all machine on the local network...

# Allow remote access
Port 631

# Share local printers on the local network.
Browsing On

<Location />
  # Allow access to the server...
  Order allow,deny
  Allow @LOCAL

... to this snippet that restricts CUPS access from localhost only ...

# Only listen for connections from the local machine.
Listen localhost:631

# Disable printer sharing.
Browsing Off

<Location />
  Order allow,deny

... and leave all other content as it is.


Each individual proxy candidate CUPS printer must be shared locally so the savapage system account can access it. Enabling the shared option can be done in a printer GUI dialog, in the CUPS Administrator Web interface, or directly in the printers.conf [7] file by setting the Shared Yes option for a printer.

2.3.1. CUPS Remote Printer Browsing

To prevent remote printers that DNSSD broadcast themselves, to be discovered by CUPS and synchronized into SavaPage, edit cups-browsed.conf [8]file, and change it as follows:

BrowseRemoteProtocols none

2.3.2. CUPS Job History

An active SavaPage server captures print job statuses real-time, but when the server is restarted it needs CUPS job history to catch up with the latest statuses. To avoid lost job statuses, CUPS must be told to Preserve job history.

You can set the Job History option in the Print Server Settings dialog (Preserve job history but not files, or optionally Preserve job history (allow reprinting)), in the CUPS Administrator Web Interface (Advanced settings, Retain Metadata : Yes, and optionally Retain Documents : Yes) , or manually by changing the cupsd.conf file as follows:

MaxJobs 500               1
PreserveJobHistory Yes    2
PreserveJobFiles No       3


MaxJobs Controls the maximum number of jobs that are kept in memory. Once the number of jobs reaches the limit, the oldest completed job is automatically purged from the system to make room for the new one. If all of the known jobs are still pending or active then the new job will be rejected. The default setting is 500 (in this example this default is explicitly set). Set to 0 to allow an unlimited number of jobs.


PreserveJobHistory specifies whether metadata is preserved after a job is printed. A value of Yes will preserve history, a value of No will not. If a numeric value is specified, history is preserved for the indicated number of seconds after printing. Set to Yes.


PreserveJobFiles specifies whether job files (documents) are preserved after printing. A value of Yes will preserve files, a value of No will not. If a numeric value is specified, files are preserved for the indicated number of seconds after printing. Set this option as you wish, but remember that (spool) files can get big. If you run SavaPage on a host system with limited storage (for instance on a virtual machine) you better set this value to No.

The number of preserved history jobs can be checked with this command:

sudo find /var/spool/cups/ -maxdepth 1 -type f -name 'c*' | wc -l

The number of preserved job files can be checked with:

sudo find /var/spool/cups/ -maxdepth 1 -type f -name 'p*' | wc -l

2.3.3. CUPS Job ID

This section gives you some background information about the ID that CUPS assigns to a print job[9]. There is nothing you need to configure for this, and you don't really need to consider this info at a first time SavaPage installation. However, do read carefully when Migrating to a New Server, or if you plan to meddle with CUPS cache.

The CUPS Job ID is a global integer that is incremented and assigned to each new print job. In this way, a Job ID refers to a single job within the CUPS cache. When a document is printed from SavaPage, its Job ID is persisted in the SavaPage database and used to retrieve CUPS job status information, or to link incoming CUPS status notifications to the printed document.

When you delete the content of the CUPS cache directory /var/cache/cups/, the Job ID offset is reset to zero. If SavaPage depends on this CUPS instance, the cache will be out-of-sync with the CUPS Job ID range as persisted in the SavaPage database. This will most likely result in newly issued job ID's that are already present in the SavaPage database, and so introduce a non-unique relation between printed document and CUPS job ID. Also, when SavaPage is moved to another server an out-of-sync is very likely.

How does SavaPage deal with the possibility of an out-of-sync situation?

  1. For incoming CUPS notifications, the most recent document that matches the provided Job ID, and has not yet reached final state (completed, cancelled, aborted), is updated with the provided status.

  2. When retrieval of Job ID status information for a document with non-final state from CUPS fails, then print status is set to unknown and time completed to system time.

2.3.4. CUPS Job Privacy

CUPS makes job-name, job-originating-host-name and job-originating-user-name private by default. This means that personal data are anonymized in the CUPS Web interface, as shown below.

CUPS Job Privacy

Figure 2.1. CUPS Job Privacy

You can restore the default by changing the JobPrivateValues directive in the cupsd.conf file as follows:

<Policy default>
  JobPrivateValues default

2.3.5. CUPS Web Interface

If you want to use the CUPS Web Interface for administration from all machines on the local network you should adapt cupsd.conf as follows:

# Allow remote access
Port 631

# Disable printer sharing.
Browsing Off

WebInterface Yes

<Location />
  # Allow shared printing...
  Order allow,deny
  Allow @LOCAL

<Location /admin>
  Order allow,deny
  Allow @LOCAL

<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
  Allow @LOCAL


The @LOCAL name will allow access from all local interfaces. This can be confusing since the host system running CUPS often belongs to a different set of subnets from its clients. In that case you can specify multiple Allow directives, one for each allowed subnet. See the cupsd.conf man page.

2.3.6. CUPS systemd service

The scheduler for CUPS is called cupsd. When run from systemd some systems pass the -l parameter, so cupsd is run on demand by socket and path activation. The advantage of this setup is that CUPS is activated when needed, saving precious boot time and resources, and deactivated again after being idle for a while. This lazy activation scenario is efficient for desktop systems that print occasionally and for which printing is not time critical. However, dedicated print systems like SavaPage, that intensively use IPP to communicate with CUPS, need CUPS to be full-time activated. Therefore the systemd cups.service unit must effectively start cupsd with the -f parameter, so it runs steadily in the foreground.

Check the /lib/systemd/system/cups.service unit: ExecStart must start cupsd with the -f parameter. If not, edit the CUPS service unit with this command:

sudo systemctl edit cups

This launches a text editor for creating the file:


Add the following lines:

ExecStart=/usr/sbin/cupsd -f

Save the file and close the editor. Usually, after you edited a systemd unit file, for it to take effect, you need to run:

sudo systemctl daemon-reload

However, the systemctl edit command automatically did this for you. You can check the effect of the override with this command:

systemctl cat cups.service | grep Exec

... it should show:

ExecStart=/usr/sbin/cupsd -l
ExecStart=/usr/sbin/cupsd -f 

You can check if /usr/sbin/cupsd -f is active with this command:

systemctl status cups.service

2.3.7. Test CUPS

When CUPS was stopped earlier you need to start CUPS again with this command:

sudo systemctl start cups.service

Now you can test if the CUPS print queues to be used as Proxy Printer work as expected.

[6] On Debian, RHEL and openSUSE systems cupsd.conf is located in the /etc/cups/ directory.

[7] On Debian, RHEL and openSUSE systems printers.conf is located in the /etc/cups/ directory.

[8] On Debian, RHEL and openSUSE systems cups-browsed.conf is located in the /etc/cups/ directory.

[9] CUPS NextJobId is held in /var/cache/cups/job.cache