服务器评测
今天终于成功在Ubuntu7.10Server上成功测试了cups+hp1010
需要注意的地方记录下来:
缺省安装好Ubuntu之后,系统会出于安全考虑对CUPS系统进行限制,主要有以下几点:
1、不能通过Web界面 http://localhost:631/admin 对CUPS进行Web管理;
2、不能在其他机器上通过Web界面访问本机的http://localhost:631,以查看打印状态;
3、不能在其他机器上通过IPP协议来共享本机的打印机。
对上述三个问题,大家可以按照自己的需要做不同的设置:
1、造成该限制的原因很简单,由于cupsys用户没有访问/etc/shadow文件的权限,所以它无法识别用户真伪,要解决则很简单,只需要将该用户加入到passwd组中即可。命令如下:
$sudo adduser cupsys shadow
另:对打印机有管理权限的组是lpadmin组,所以如果要设立一个对CUPS系统有管理权的用户,只需要将该用户加入到lpadmin组即可,假设该打印管理员是firehare,那么只需要下列命令:
$sudo adduser firehare lpadmin
然后输入
$sudo /etc/init.d/cupsys force-reload
接下来我们试试在Firefox里输入:http://localhost:631/admin,然后输入超级用户或lpadmin组里的用户及密码均可进入到管理界面中。
以下是我的/etc/cups/cups.conf的配置文件
#
#
# Sample configuration file for the Common UNIX Printing System (CUPS)
# scheduler. See “man cupsd.conf” for a complete description of this
# file.
#
# Log general information in error_log – change “info” to “debug” for
# troubleshooting…
LogLevel warning
# Administrator user group…
SystemGroup lpadmin
# Only listen for connections from the local machine.
Listen 0.0.0.0:631
Listen /var/run/cups/cups.sock
# Show shared printers on the local network.
Browsing Off
BrowseOrder allow,deny
BrowseAllow @LOCAL
BrowseAddress @LOCAL
# Default authentication type, when authentication is required…
DefaultAuthType Basic
# Restrict access to the server…
<Location />
Order allow,deny
Allow 192.168.1.110
Allow @LOCAL
</Location>
# Restrict access to the admin pages…
<Location /admin>
Order allow,deny
Allow 192.168.1.110
</Location>
# Restrict access to configuration files…
<Location /admin/conf>
AuthType Basic
Require user @SYSTEM
Order allow,deny
Allow 192.168.1.110
</Location>
# Set the default printer/job policies…
<Policy default>
# Job-related operations must be done by the owner or an adminstrator…
<Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job CUPS-Move-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
# All administration operations require an adminstrator to authenticate…
<Limit Pause-Printer Resume-Printer Set-Printer-Attributes Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After CUPS-Add-Printer CUPS-Delete-Printer CUPS-Add-Class CUPS-Delete-Class CUPS-Accept-Jobs CUPS-Reject-Jobs CUPS-Set-Default>
AuthType Basic
Require user @SYSTEM
Order deny,allow
</Limit>
# Only the owner or an administrator can cancel or authenticate a job…
<Limit Cancel-Job CUPS-Authenticate-Job>
Require user @OWNER @SYSTEM
Order deny,allow
</Limit>
<Limit All>
Order deny,allow
</Limit>
</Policy>
#
#
#
# Printcap: the name of the printcap file. Default is /etc/printcap.
# Leave blank to disable printcap file generation.
#
Printcap /var/run/cups/printcap
#
# PrintcapFormat: the format of the printcap file, currently either
# BSD or Solaris. The default is “BSD”.
#
#PrintcapFormat BSD
#PrintcapFormat Solaris
#
# PrintcapGUI: the name of the GUI options panel program to associate
# with print queues under IRIX. The default is “/usr/bin/glpoptions”
# from ESP Print Pro.
#
# This option is only used under IRIX; the options panel program
# must accept the “-d printer” and “-o options” options and write
# the selected printer options back to stdout on completion.
#
#PrintcapGUI /usr/bin/glpoptions
我这里是只允许192.168.1.110的机器来管理这台cups
呵,呵,就这么简单!
