Table of Contents
This section is designed to supplement the Install Guide (see the section called “Installation on Linux (CUPS and/or Samba)”). It provides an in-depth explanation of the Linux installation process, the directory layout and tools.
Information in this chapter is technical in nature. It is expected that readers have prior experience with:
The Unix command line environment
Unix file permissions
Configuring CUPS and/or Linux print queues
Or basic Samba configuration
The Linux version of PaperCut MF is supplied as a pre-compiled self-installing application. The installation process is designed to work with all major Linux distributions. Due to the varied nature of some installations and administrator preferences, often some manual configuration is required. This section describes the installation process in detail as well as some additional options available to system administrators.
The Linux version of PaperCut MF is supplied in a self-extracting, self-installing archive. The archive
is simply a tar
archive compressed with gzip
, and headed with a
shell script to facilitate self-extracting.
After extraction is complete, the installation script named install
is executed
to begin the install process. Some system administrators may like to inspect the contents
of the archive, and possibly the installation process itself prior to the actual install. The
self-extracting installer takes a number of command line arguments. The -e
argument will extract the archive into the current working directory ready for inspection.
Further options and documentation is available via the
--help
option.
Usage: pcmf-setup.sh [-e|-i|-l] [-v] [-n] [list ...] -e Extract the files and then exit without installing. -i Install after extracting the files (default). -l List the contents of the archive and exit without extracting. -v Verbose. Print the names of the files as they are extracted. list The list of files to extract."
Even though the majority of the installation process is completed under the identity of the non-privileged user
account called papercut
, most administrators would like to know what the install
process does. The main steps are outlined below:
The first stage in the install process extracts the archive to /tmp
or
a location as defined by an environment variable TMPDIR
. The command-line
programs tar
and gunzip
are used during this phase.
After extraction is complete the installation script is called. The install script,
called install
, will present the EULA and request acceptance. The script
then determines the install location. This is the papercut
user's home
directory. The home directory is determined by the HOME
environment
variable, or if not set, the result of a call to getpwnam()
.
Files are then copied into the papercut
user's home directory. Care
is taken not to overwrite any existing data or configuration files if this is an
install-over-the-top upgrade.
To ensure the default installation is secure by default, permissions are applied to key files.
The following area of the application are restricted to the papercut
user only:
Area | Comments |
---|---|
| Contains server configuration including the default admin password. |
| This directory contains application data including database files. Some of this data may contain sensitive information. |
|
This directory contains a setuid-root binary. Even though
the binary is no use to an end-user or hacker, good security
practice stipulates that we should only allow the
|
Table 26.1. Secured Application Areas
Permissions can be checked and re-applied at any time post-install by running the scripts:
~/server/bin/linux-*/setperms ~/providers/print/linux-*/setperms
The PaperCut MF Application Server (pc-app
process) listens on port 9191.
This port is used for browser based administration access, for client access, and other services. Ensure that any
firewall or local IP filtering software such as iptables
is set to allow local network traffic
access to this port.
A small part of the install process needs to run as the root
account.
The tasks conducted as root include:
Setting the authpam
binary as setuid-root. This binary is
used for password verification.
Installing a CUPS backend. This is done by placing a symlink in the CUPS lib/backend directory.
Setting up SYSV style start scripts if the system uses this boot process. This is done by placing symlinks in the:
/etc/init.d/ /etc/rc3.d/ /etc/rc5.d/ and so on...
If the administrator decides not to run the root-level tasks during the install process, the tasks can be run again post-install by executing the shell scripts:
~/server/bin/linux-*/roottasks ~/providers/print/linux-*/roottasks
Alternatively the administrator can view the scripts and make the required changes by hand.
PaperCut MF is able to integrate with and monitor CUPS, Samba and Novell iPrint based print queues. The configuration and an explanation of the integration methods follows:
If the print queues are managed and controlled via CUPS, the Device URI on each printer should be modified
so the papercut
backend is incorporated into the print process. This can be done
automatically by running the configure-cups
script as root
(the simplest option):
~/providers/print/linux-*/configure-cups
and following the interactive instructions. Alternatively, it can be done manually via the CUPS web admin interface or by editing the
CUPS printers.conf
file:
Open printers.conf
(e.g. /etc/cups/printers.conf
)
Prefix the DeviceURL for each printers with "papercut:
". For example:
DeviceURI socket://192.168.1.200:9100
Would become:
DeviceURI papercut:socket://192.168.1.200:9100
Restart cupsd
so the new configuration is detected
(e.g. /etc/init.d/cupsd reload
)
CUPS, the Common UNIX Printing System, is a popular system for managing printers on Linux servers.
CUPS uses a chain-of-commands concept where filters
and
backends
combine together to form a process steam - a workflow. PaperCut MF
hooks into this workflow at the backend level, intercepting the job before it's passed on to
physical printer hardware.
The interception is done by wrapping or proxying the real CUPS backend
. CUPS calls the PaperCut MF
backend which processes the job. If the job is approved, it passes the document onto the real backend. If the job is denied, it
is deleted and proceeds no further. The PaperCut MF backend is usually set up and installed by default during the standard
installation.
Setting up the PaperCut MF CUPS backend proxy is a relatively simple task. All the administrator needs to do is
prefix the existing DeviceURI
with papercut:
. For example the entry:
DeviceURI socket://192.168.1.200:9100
would become:
DeviceURI papercut:socket://192.168.1.200:9100
The printer will register itself with PaperCut MF on the first print event.
The PaperCut MF CUPS backend is a native compiled binary. In PaperCut MF documentation it is referred to it as a Print Provider - a component that provides print event information to the Application Server. It's responsible for analyzing the print job and then communicating this information to the Application Server component. Communication is via an XML-RPC based Web Services call. This means that the backend does not even need to be on the same server as the system hosting the Application Server component.
If the print queues are exposed to network workstations using Samba
(Samba Website)
, and a print system other than CUPS is used (e.g. BSD, LPRNG, SYSV, etc.) the
smb.conf
needs some additional configuration. The
"print command
" needs to be replaced with a PaperCut MF command.
Open the smb.conf
(e.g. /etc/samba/smb.conf
)
Under the [global]
section insert the line:
print command=/home/papercut/providers/print/linux-i686/samba-print-provider -u "%u" -J "%J" -h "%h" -m "%m" -p "%p" -s "%s" -a "[standard print command]" &
(IMPORTANT: The above information should appear all on a single line. Note the use of the & (ampersand) on the end of the line.)
where [standard print command]
is the command that would normally called for printing.
Typical examples of commands usually used for printer are listed below:
Type | Command |
---|---|
BSD, AIX, QNX, LPRNG or PLP |
|
SYSV or HPUX |
|
Table 26.2. Standard print commands
More information on standard print commands is available under the Samba documentation
installed on your system (see man smb.conf
).
Samba is used to provide file and print sharing to Windows systems and is a popular solution. One of the main reasons for its popularity is that it avoids the need for expensive Microsoft Windows server licenses!
Samba exposes the locally set up Linux/Unix printers as network shared Windows printers. It does this by wrapping the
underlying print system - usually CUPS or LPR/LPD. In the case of LPR, Samba calls the standard lp
command line programs to perform printing. PaperCut MF works by wrapping or proxying the
"print command
". More information on how Samba interacts with the underlying print system is
available in the Samba documentation.
A typical entry in the Samba configuration file smb.conf
defining the PaperCut MF print command
wrapper would be:
print command=/home/papercut/providers/print/linux-i686/samba-print-provider -u "%u" -J "%J" -h "%h" -m "%m" -p "%p" -s "%s" -a "[standard print command]" & (IMPORTANT: The above information should appear all on the one line. Note the use of the & (ampersand) on the end of the line.)
where [standard print command]
is the command that would normally be called for printing.
The %u
, %p
, etc., are Samba substitution variables. These are replaced
with content such as the username, printer name, etc. and are used by PaperCut MF in the reporting and logging.
The printer will register itself with the PaperCut MF web interface after the first print is received.
The PaperCut MF Samba print command wrapper is a native compiled executable. The PaperCut MF documentation refers to it as a Print Provider. It's responsible for analyzing the print job and then communicating this information to the Application Server component. Communication is via an XML-RPC based Web Services call. This means that the command does not even need to be on the same server as the system hosting the Application Server component.
PaperCut MF works by directly integrating with the Novell iPrint Print Manager. The configuration process is detailed in the section called “Step 5 - Printer/iPrint Configuration”. The development team at PaperCut Software has worked with the Novell iPrint engineers during 2008 to ensure an iPrint API was available that allow iPrint users to have access to the same feature set as seen on Windows, Mac and Linux CUPS. PaperCut MF uses this API set to intercept and account for jobs as they pass into the iPrint queue.
© Copyright 1999-2014. PaperCut Software International Pty Ltd. All rights reserved.