Chapter22.PaperCut NG on Linux
Chapter 22. PaperCut NG on Linux Prev
Nex t Search...
Chapter 22. PaperCut NG on Linux Table of Contents The Installation Process Manual ex traction The install process Linux Print Queue Integration Adv anced Configuration & Logs Backups & Sy stem Management User Directory and Authentication Standard Unix Samba/Windows Domain Custom Unix Command-Line Release Station Client Installing the Command-Line Release Station Client Remov ing PaperCut NG from a Linux serv er Linux FA Q
This section is designed to supplement the Install Guide (see the section called “Installation on Linux (CUPS and/or Samba)”). It prov ides an in-depth ex planation of the Linux installation process, the directory lay out and tools. Information in this chapter is technical in nature. It is ex pected that readers hav e prior ex perience with: The Unix command line env ironment Unix file permissions Configuring CUPS and/or Linux print queues Or basic Samba configuration
The Installation Process The Linux v ersion of PaperCut NG is supplied as a pre-compiled self-installing application. The installation process is designed to work with all major Linux distributions. Due to the v aried nature of some installations and administrator preferences, often some manual configuration is required. This section describes the installation process in detail as well as some additional options av ailable to sy stem administrators.
Manual extraction The Linux v ersion of PaperCut NG is supplied in a self-ex tracting, self-installing archiv e. The archiv e is simply a tar archiv e compressed with gzip, and headed with a shell script to facilitate self-ex tracting. A fter ex traction is complete, the installation script named install is ex ecuted to begin the install process. Some sy stem administrators may like to inspect the contents of the archiv e, and possibly the installation process itself prior to the actual install. The self-ex tracting installer takes a number of command line arguments. The -e argument will ex tract the archiv e into the current working directory ready for inspection. Further options and documentation is av ailable v ia the --help option. papercut.com/products/…/ch-linux.html
Chapter22.PaperCut NG on Linux
Usage: pcng-setup.sh [-e|-i|-l] [-v] [-n] [list ...] -e Extract the files and then exit without installing. -i Install after extracting the files (default). -l List the contents of the archive and exit without extracting. -v Verbose. Print the names of the files as they are extracted. list The list of files to extract."
The install process Ev en though the majority of the installation process is completed under the identity of the non-priv ileged user account called papercut, most administrators would like to know what the install process does. The main steps are outlined below: Ex traction The first stage in the install process ex tracts the archiv e to /tmp or a location as defined by an env ironment v ariable TMPDIR. The command-line programs tar and gunzip are used during this phase. Installation After ex traction is complete the installation script is called. The install script, called install, will present the EULA and request acceptance. The script then determines the install location. This is the papercut user's home directory . The home directory is determined by the HOME env ironment v ariable, or if not set, the result of a call to getpwnam(). Files are then copied into the papercut user's home directory . Care is taken not to ov erwrite any ex isting data or configuration files if this is an install-ov er-the-top upgrade. Perm issions To ensure the default installation is secure by default, permissions are applied to key files. The following area of the application are restricted to the papercut user only : Area
~/server/server.properties Contains serv er configuration inclu ding the default adm in passw ord. ~/server/data
This directory contains application data including database files. Som e of this data m ay contain sensitiv e inform ation.
This directory contains a setuid-root binary . Ev en though the binary is no use to an end-user or hacker, good secu rity practice stipulates that w e shou ld only allow the papercut u ser access to this directory .
T able 22.1. Secured Application Areas Permissions can be checked and re-applied at any time post-install by running the scripts: ~/server/bin/linux-*/setperms ~/providers/print/linux-*/setperms
Chapter22.PaperCut NG on Linux
Firewall The PaperCut NG Application Server (pc-app process) listens on port 91 91 . This port is used for browser based administration access, for client access, and other serv ices. Ensure that any firewall or local IP filtering software such as iptables is set to allow local network traffic access to this port. Root Lev el T asks A small part of the install process needs to run as the root account. The tasks conducted as root include: Setting the authpam binary as setuid-root. This binary is used for password v erification. Installing a CUPS backend. This is done by placing a sy mlink in the CUPS lib/backend directory . Setting up SY SV sty le start scripts if the sy stem uses this boot process. This is done by placing sy mlinks in the: /etc/init.d/ /etc/rc3.d/ /etc/rc5.d/ and so on...
If the administrator decides not to run the root-lev el tasks during the install process, the tasks can be run again post-install by ex ecuting the shell scripts: ~/server/bin/linux-*/roottasks ~/providers/print/linux-*/roottasks
Alternativ ely the administrator can v iew the scripts and make the required changes by hand.
Linux Print Queue Integration PaperCut NG is able to integrate with and monitor CUPS, Samba and Nov ell iPrint based print queues. The configuration and an ex planation of the integration methods follows: CUPS Configuration Ov erv iew If the print queues are managed and controlled v ia CUPS, the Dev ice URI on each printer should be modified so the papercut backend is incorporated into the print process. This can be done automatically by running the configure-cups script as root (the simplest option): ~/providers/print/linux-*/configure-cups
and following the interactiv e instructions. A lternativ ely , it can be done manually v ia the CUPS web admin interface or by editing the CUPS printers.conf file: 1 . Open printers.conf (e.g. /etc/cups/printers.conf) 2. Prefix the Dev iceURL for each printers with "papercut:". For ex ample: DeviceURI socket://192.168.1.200:9100
Would become: DeviceURI papercut:socket://192.168.1.200:9100 papercut.com/products/…/ch-linux.html
Chapter22.PaperCut NG on Linux
3. Restart cupsd so the new configuration is detected (e.g. /etc/init.d/cupsd reload)
CUPS Integration Explained CUPS, the Common UNIX Printing Sy stem, is a popular sy stem for managing printers on Linux serv ers. CUPS uses a chain-of-commands concept where filters and backends combine together to form a process steam - a workflow. PaperCut NG hooks into this workflow at the backend lev el, intercepting the job before it's passed on to phy sical printer hardware. The interception is done by wrapping or prox y ing the real CUPS backend. CUPS calls the PaperCut NG backend which processes the job. If the job is approv ed, it passes the document onto the real backend. If the job is denied, it is deleted and proceeds no further. The PaperCut NG backend is usually set up and installed by default during the standard installation. Setting up the PaperCut NG CUPS backend prox y is a relativ ely simple task. A ll the administrator needs to do is prefix the ex isting DeviceURI with papercut:. For ex ample the entry : DeviceURI socket://192.168.1.200:9100
would become: DeviceURI papercut:socket://192.168.1.200:9100
The printer will register itself with PaperCut NG on the first print ev ent. Pa per Cu t NG CUPS A r ch i t ect u r e
The PaperCut NG CUPS backend is a nativ e compiled binary . In PaperCut NG documentation it is referred to it as a Print Provider - a component that prov ides print ev ent information to the A pplication Server. It's responsible for analy zing the print job and then communicating this information to the A pplication Server component. Communication is v ia an XML-RPC based Web Serv ices call. This means that the backend does not ev en need to be on the same serv er as the sy stem hosting the A pplication Serv er component. Sam ba Configuration Ov erv iew If the print queues are ex posed to network workstations using Samba (Samba Website) , and a print sy stem other than CUPS is used (e.g. BSD, LPRNG, SY SV, etc.) the smb.conf needs some additional configuration. The "print command" needs to be replaced with a PaperCut NG command. 1 . Open the smb.conf (e.g. /etc/samba/smb.conf) 2. Under the [global] section insert the line: print command=/home/papercut/providers/print/linux-i686/samba-print-provider -u "%u" -J "%J" -h "%h" -m "%m" -p "%p" -s "%s" -a "[standard print command]" &
(IMPORTA NT: The abov e information should appear all on a single line. Note the use of the & (ampersand) on the end of the line.) where [standard print command] is the command that would normally called for printing. Ty pical ex amples of commands usually used for printer are listed below: Ty pe
Chapter22.PaperCut NG on Linux Command
BSD, AIX, QNX, LPRNG or PLP lpr -r -P%p %s
SYSV or HPUX
lp -c -d%p %s; rm %s
T able 22.2. Standard print com m ands More information on standard print commands is av ailable under the Samba documentation installed on y our sy stem (see man smb.conf).
Sam ba Integration Ex plained Samba is used to prov ide file and print sharing to Windows sy stems and is a popular solution. One of the main reasons for its popularity is that it av oids the need for ex pensiv e Microsoft Windows serv er licenses! Samba ex poses the locally set up Linux /Unix printers as network shared Windows printers. It does this by wrapping the underly ing print sy stem - usually CUPS or LPR/LPD. In the case of LPR, Samba calls the standard lp command line programs to perform printing. PaperCut NG works by wrapping or prox y ing the "print command". More information on how Samba interacts with the underly ing print sy stem is av ailable in the Samba documentation. A ty pical entry in the Samba configuration file smb.conf defining the PaperCut NG print command wrapper would be: print command=/home/papercut/providers/print/linux-i686/samba-print-provider -u "%u" -J "%J" -h "%h" -m "%m" -p "%p" -s "%s" -a "[standard print command]" & (IMPORTANT: The above information should appear all on the one line. Note the use of the & (ampersand) on the end of the line.)
where [standard print command] is the command that would normally be called for printing. The %u, %p, etc., are Samba substitution v ariables. These are replaced with content such as the username, printer name, etc. and are used by PaperCut NG in the reporting and logging. The printer will register itself with the PaperCut NG web interface after the first print is receiv ed. Pa per Cu t NG Sa m ba A r ch i t ect u r e
The PaperCut NG Samba print command wrapper is a nativ e compiled ex ecutable. The PaperCut NG documentation refers to it as a Print Provider. It's responsible for analy zing the print job and then communicating this information to the Application Server component. Communication is v ia an XML-RPC based Web Serv ices call. This means that the command does not ev en need to be on the same serv er as the sy stem hosting the Application Serv er component. Nov ell iPrint Configuration PaperCut NG works by directly integrating with the Nov ell iPrint Print Manager. The configuration process is detailed in the section called “Step 5 - Printer/iPrint Configuration”. The dev elopment team at PaperCut Software has worked with the Nov ell iPrint engineers during 2008 to ensure an iPrint A PI was av aliable that allow iPrint users to hav e access to the same feature set as seen on Windows, Mac and Linux CUPS. PaperCut NG uses this A PI set to intercept and account for jobs as they pass into the iPrint queue. papercut.com/products/…/ch-linux.html
Chapter22.PaperCut NG on Linux
A dv anced Configuration & Logs
© Copyright 1999-2010. PaperCut Software International Pty Ltd. All rights reserved.