D.Horiyama's output

LPIC あずき本v5.0 ch10.4 プリンタ管理

LPICLinux勉強メモ

プリンタ管理

印刷の仕組み

  • CUPS: Common Unix Printing System

    • 印刷サブシステム(バックエンド)
    • 多くのLinuxディストリで採用

  • 特徴

    • IPP: Internet Printer Protocol

      • ネットワーク上のプリンタをサポートする
      • インターネット経由も可

    • PPD: PostScript Printer Description

      • AdobeのPPD形式のファイル(テキストファイル)でデバイスドライバの設定ができる

    • Webベースで設定可能

      • Webブラウザから設定

        • localhost:631

    • プリンタクラスのサポート

      • 複数のローカルプリンタを1つのクラスにグループ化
      • lpadmin -cコマンド

  • 印刷の流れ

    1. 印刷データ受け取る

      • データ元

        • アプリケーション

        • 印刷コマンド

          • lpr

      • 設定ファイル: PPD

        • プリンタの機種依存情報
    2. スプーラが印刷データを受け付け、スケジューリングを行う

    3. プリンタが直接受け付けられないデータを中間形式に変換

      • PDF
      • PostScript

    4. PPDに定義されたフィルタにより、最終の印刷データに変換する

      • pdftopdf
      • pdftopvp
      • etc.
    5. 処理した印刷データをCUPSのバックエンドに送る

    6. CUPSバックエンドは印刷データをプリンタに渡す

      • ローカル接続

        • USB

      • ネットワーク経由

        • IPP
        • LPR

  • /etc/cups/ppd/

    • PPDファイルを格納

  • /etc/cups/cupsd.conf

    • CUPSの設定ファイル
    • 印刷要求をネットワーク経由で受け付ける場合のポート番号
    • 接続するクライアントのアクセス許可
#
# Configuration file for the CUPS scheduler.  See "man cupsd.conf" for a
# complete description of this file.
#

# Log general information in error_log - change "warn" to "debug"
# for troubleshooting...
LogLevel warn
PageLogFormat

# Deactivate CUPS' internal logrotating, as we provide a better one, especially
# LogLevel debug2 gets usable now
MaxLogSize 0

# Only listen for connections from the local machine.
Listen localhost:631
Listen /run/cups/cups.sock

# Show shared printers on the local network.
Browsing Off
BrowseLocalProtocols dnssd

# Default authentication type, when authentication is required...
DefaultAuthType Basic

# Web interface setting...
WebInterface Yes

# Restrict access to the server...
<Location />
  Order allow,deny
</Location>

# Restrict access to the admin pages...
<Location /admin>
  Order allow,deny
</Location>

# Restrict access to configuration files...
<Location /admin/conf>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
</Location>

# Restrict access to log files...
<Location /admin/log>
  AuthType Default
  Require user @SYSTEM
  Order allow,deny
</Location>

# Set the default printer/job policies...
<Policy default>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default CUPS-Get-Devices>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

# Set the authenticated printer/job policies...
<Policy authenticated>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Default
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Default
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

# Set the kerberized printer/job policies...
<Policy kerberos>
  # Job/subscription privacy...
  JobPrivateAccess default
  JobPrivateValues default
  SubscriptionPrivateAccess default
  SubscriptionPrivateValues default

  # Job-related operations must be done by the owner or an administrator...
  <Limit Create-Job Print-Job Print-URI Validate-Job>
    AuthType Negotiate
    Order deny,allow
  </Limit>

  <Limit Send-Document Send-URI Hold-Job Release-Job Restart-Job Purge-Jobs Set-Job-Attributes Create-Job-Subscription Renew-Subscription Cancel-Subscription Get-Notifications Reprocess-Job Cancel-Current-Job Suspend-Current-Job Resume-Job Cancel-My-Jobs Close-Job CUPS-Move-Job CUPS-Get-Document>
    AuthType Negotiate
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  # All administration operations require an administrator to authenticate...
  <Limit CUPS-Add-Modify-Printer CUPS-Delete-Printer CUPS-Add-Modify-Class CUPS-Delete-Class CUPS-Set-Default>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # All printer operations require a printer operator to authenticate...
  <Limit Pause-Printer Resume-Printer Enable-Printer Disable-Printer Pause-Printer-After-Current-Job Hold-New-Jobs Release-Held-New-Jobs Deactivate-Printer Activate-Printer Restart-Printer Shutdown-Printer Startup-Printer Promote-Job Schedule-Job-After Cancel-Jobs CUPS-Accept-Jobs CUPS-Reject-Jobs>
    AuthType Default
    Require user @SYSTEM
    Order deny,allow
  </Limit>

  # Only the owner or an administrator can cancel or authenticate a job...
  <Limit Cancel-Job CUPS-Authenticate-Job>
    AuthType Negotiate
    Require user @OWNER @SYSTEM
    Order deny,allow
  </Limit>

  <Limit All>
    Order deny,allow
  </Limit>
</Policy>

  • /etc/printers.conf

    • プリンタに関する情報等
ls -l /etc/cups/printers.conf
  • 見せられないよ
-rw------- 1 root lp 110  4月 13 21:50 /etc/cups/printers.conf
sudo cat /etc/cups/printers.conf
  • 一度もプリンタに繋いだことがないからか何も書いていなかった
# Printer configuration file for CUPS v2.2.7
# Written by cupsd
# DO NOT EDIT THIS FILE WHEN CUPSD IS RUNNING

  • Webブラウザで設定できる

    • localhost:631
  • cupsサービスが動いていないと設定不可
sudo systemctl stop cups.service
systemctl is-active cups.service
inactive
curl localhost:631 --head
curl: (7) Failed to connect to localhost port 631: 接続を拒否されました
  • サービス動かす
# /etc/init.d/cups start       # SysVinit
systemctl start cups.service # Systemd
  • 動作確認
  • サービス
systemctl is-active cups
active
  • 631番ポート
netstat -at | grep ipp
tcp        0      0 localhost:ipp           0.0.0.0:*               LISTEN     
tcp6       0      0 ip6-localhost:ipp       [::]:*                  LISTEN     
ss -at | grep ipp
LISTEN   0         5                                        127.0.0.1:ipp                                                 0.0.0.0:*                             
LISTEN   0         5                                            [::1]:ipp                                                    [::]:*
  • アクセスできる
curl localhost:631 --head
HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Language: ja_JP
Content-Length: 2567
Content-Type: text/html; charset=utf-8
date: Wed, 17 Apr 2019 04:50:37 GMT
Keep-Alive: timeout=10
Last-Modified: Wed, 12 Dec 2018 07:31:14 GMT
Accept-Encoding: gzip, deflate, identity
Server: CUPS/2.2 IPP/2.1
X-Frame-Options: DENY
Content-Security-Policy: frame-ancestors 'none'

印刷関連コマンド

lprコマンド

- ファイルや標準入力を印刷
  • /etc/passwdを5部印刷する例
lpr -#5 /etc/passwd
cat /etc/passwd | lpr -#5 
lpstat -a 
cat /etc/printcap

lpqコマンド

  • プリントキュー表示

    • 印刷ジョブ(印刷指示の情報)が格納されるキュー
  • -Pオプションでプリンタ指定

lprmコマンド

  • プリントキュー上の印刷要求の削除

    • 一般ユーザ: 自分のもの
    • root: すべて

  • オプション

    • -P

      • プリンタ指定

    • -

      • 消せるもの全消し