[Chapter 9] 9.2 Line Printer Daemon


Numeric
Some parameters are assigned numeric values. For example, :br#9600: sets the baud rate for a serial
printer.
String
Some parameters use string values. For example, :rp=laser: defines the name of a remote printer.
A glance at the manpage shows that there are many printcap parameters. Thankfully, you'll never need to use
most of them. Most printer definitions are fairly simple, and most printcap files are small. Writing a printcap
from scratch is often unnecessary. Ask the other system administrators on the newsgroup for your system.
You'll be surprised how often others have already solved the problem and how willing they are to help.
Print servers usually have only one or two directly attached printers; any other printers defined in the printcap
are probably remote printers. Most, if not all, of the printers defined in a client's printcap are remote printers.
#
# Remote LaserWriter
#
lw:\
        :lf=/var/adm/lpd-errs:\
        :lp=:rm=pecan:rp=lw:\
        :sd=/var/spool/lpd-lw:
The lw printer in this sample printcap file is a remote printer. The remote machine to which the printer is
attached is defined by the :rm=pecan: parameter and the name of the remote printer on that machine is
defined by the :rp=lw: parameter. The lf parameter points to the log file used to log status and error messages.
Multiple printers can use the same log file. The final parameter, sd, defines the spool directory. Each printer
has its own unique spool directory. Defining the remote printer in the client's printcap file is all that is needed
to configure an LPD client.
9.2.1.1 LPD security
The line printer daemon uses trusted host security, and it can use the same security file (hosts.equiv) as the r
commands. [8] All of the users on a host listed in the server's hosts.equiv file are permitted to use the server's
printers. To restrict access to only those remote users who have accounts on the server, include the :rs:
Boolean in the printer description in the printcap file. When :rs: is specified, only users who are logged into
"like-named" accounts on a trusted host are granted access to the printer. This parameter is applied on a
printer-by-printer basis, so it is possible to restrict access to a special printer while permitting broader access
to the other printers on the system.
[8] See Chapter 12 for more information about the r commands and trusted host security.
A problem with using the hosts.equiv file for printer access is that the file also grants "password-free" login
access. It is common to want to share a printer without wanting to grant any other access to the print server.
To accommodate this, lpd also uses the /etc/hosts.lpd file for security. A trusted host defined in that file is
given access only to printers, and the :rs: parameter works with this host just as it does with a host defined in
the hosts.equiv file.
The syntax of the hosts.lpd file is exactly the same as the syntax of the hosts.equiv file. A hosts.lpd file might
contain:
brazil
acorn
This example shows a file that restricts printer access to the users who are logged into brazil and acorn.
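As an added illustration (not code from the book), the Python sketch below parses a server's printcap and hosts.equiv and reports the two conditions discussed above: hosts trusted through hosts.equiv, which also grants password-free login, and locally served printers that lack :rs:. The file contents, the host almond, the printers lj and checks, and the function names are constructed for the example.

```python
import re

# Constructed sample files for a print server; not taken from a real host.
PRINTCAP = r"""
lj|laser:\
    :lp=/dev/lp0:sd=/var/spool/lpd-lj:\
    :lf=/var/adm/lpd-errs:
checks:\
    :lp=/dev/lp1:sd=/var/spool/lpd-checks:rs:
lw:\
    :lp=:rm=pecan:rp=lw:sd=/var/spool/lpd-lw:
"""
HOSTS_EQUIV = "almond\n"

def parse_printcap(text):
    """Return {primary printer name: {capability: value}}; Booleans map to True."""
    text = re.sub(r"\\[ \t]*\n\s*", "", text)   # fold backslash-continued lines
    printers = {}
    for entry in (line.strip() for line in text.splitlines()):
        if not entry or entry.startswith("#"):
            continue
        names, *fields = [f.strip() for f in entry.split(":") if f.strip()]
        caps = {}
        for field in fields:
            if "=" in field:                 # string, e.g. rp=laser
                key, value = field.split("=", 1)
            elif "#" in field:               # numeric, e.g. br#9600 (kept as text)
                key, value = field.split("#", 1)
            else:                            # Boolean, e.g. rs
                key, value = field, True
            caps[key] = value
        printers[names.split("|")[0]] = caps
    return printers

def trusted_hosts(text):
    """First token of each non-blank line: one trusted host per line."""
    return [line.split()[0] for line in text.splitlines() if line.strip()]

def audit(printcap, hosts_equiv):
    """Flag hosts.equiv trust and locally served queues that lack :rs:."""
    findings = []
    for host in trusted_hosts(hosts_equiv):
        findings.append(f"{host}: hosts.equiv also grants password-free login; "
                        "use hosts.lpd for print-only trust")
    for name, caps in sorted(parse_printcap(printcap).items()):
        if "rm" not in caps and "rs" not in caps:   # locally served, no :rs:
            findings.append(f"{name}: no :rs:, any user on a trusted host may print")
    return findings
```

With the sample data, audit(PRINTCAP, HOSTS_EQUIV) reports almond and the lj queue; checks is skipped because it sets :rs:, and lw because it is a remote queue whose access is decided on pecan.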
9.2.1.2 Using LPD
Print jobs are sent to the line printer daemon using the Line Printer Remote (lpr) program. The lpr program
creates a control file and sends it and the print file to lpd. There are many possible lpr command-line
arguments, but in general the command simply identifies the printer and the file to be printed, as in:
% lpr -Plj ch09
This command sends a file called ch09 to a printer called lj. The printer can be local or remote. It doesn't
matter as long as the printer is defined in the printcap file and therefore known to lpd.
The client software provides commands to allow the user to check the status of the print job. Table 9.2 lists
these commands, their syntax, and their meaning.
Table 9.2: Line Printer Commands
Command                      Usage
lpc restart [printer]        Starts a new printer daemon.
lpc status [printer]         Displays printer and queue status.
lpq -Pprinter [user] [job]   Lists the jobs in the printer's queue.
lprm -Pprinter job           Removes a print job from the queue.
In this syntax printer is the name of the printer as defined in the /etc/printcap file, user is the username of the
owner of a print job, and job is the job number associated with the print job while it is waiting in the queue.
The keyword all can be used in place of a printer name in any lpc command to refer to all printers.
While lpc is primarily for the system administrator, the status and restart commands can be used by anyone.
All of the commands shown in Table 9.2 are available to users.
The lpq command displays a list of jobs queued for a printer. Command-line arguments permit the user to
select which printer queue is displayed and to limit the display from that queue to a specific user's jobs or
even to a specific job. Here's an example of displaying the queue for the printer laser:
% lpq -Plaser
Rank   Owner    Job   Files   Total Size
1st    tyler    405   ...     5876 bytes
2nd    daniel   401   ...     12118 bytes
3rd    daniel   404   ...     12118 bytes

A queued print job can be removed by the owner of the job with the lprm command. Assume that daniel
wants to remove print job number 404 shown in the example above. He enters the following command:
% lprm -Plaser 404
dfA404acorn dequeued
cfA404acorn dequeued
Along with the r commands, lpd and lpr were among the first commands created for UNIX to exploit the
power of TCP/IP networking. Managing printers is primarily a system administration task. Only those aspects
of LPD related to remote printing and network security are covered here.

9.2.2 Solaris Line Printer Service
The Solaris system uses the Line Printer (LP) print service that is used by most System V UNIX systems. LP
offers the same type of service as LPD.
The LP configuration files are located in the /etc/lp directory. These files perform the same basic function as
the /etc/printcap file does for LPD. However, the /etc/lp files are not directly edited by the system
administrator. On a Solaris system, printers are configured through administrative commands or through the
Printer Manager window of the admintool. Figure 9.1 shows the Printer Manager window.
Figure 9.1: Printer Manager

Clients select Add, then Access to Printer from the Add Printer sub-menu of the Edit menu, and enter the name
of the remote printer and its server in the window that appears. Servers share printers simply by selecting Add
Local Printer in the same menu and configuring a local printer. By default, Solaris shares all local printers.
Remote printer access is controlled by the /etc/lp/Systems file. It comes pre-configured with the following
entry:

+:x:-:s5:-:n:10:-:-:Allow all connections
As the comment at its end makes clear, this entry grants all remote systems access to the local printers. The
first field defines the name of the host being granted access. When a plus (+) is used in this field, it means all
hosts.
The fields in an /etc/lp/Systems entry are separated by colons (:). The field containing an x and all of the fields
containing a dash (-) can be ignored. These fields are unused.
The fourth field identifies the type of operating system used on the remote client. It contains either s5 for
System V computers that use LP to print jobs, or bsd for BSD systems that use LPD.
The n in the sixth field indicates that this "connection" should never be timed out and removed from the
system. A timeout period in minutes could be entered in this field, but this is not usually done. Keep the
connection available as long as the local server is up. The 10 is a related value. It indicates that if a
connection to a remote system fails, it should be retried after 10 minutes. This is a good value. It is long
enough to give the remote system a chance to restart after a crash. Both n and 10 are the defaults and don't
usually need to be changed.
Don't directly edit the /etc/lp/Systems file. Modify it with the lpsystem command. To remove a system from
the Systems file, use lpsystem with the -r hostname command-line argument, where hostname is the value in
the first field of the entry you wish to delete. For example, to remove the plus sign (+) entry from the default
/etc/lp/Systems file, type:
# lpsystem -r +
To add an entry to the Systems file, use the lpsystem command without the -r option. For example, to add a
BSD system named macadamia, enter:
# lpsystem -t bsd -y "Linux PC in room 820" macadamia
The command adds the following entry to the Systems file:
macadamia:x:-:bsd:-:n:10:-:-:Linux PC in room 820
The -t command-line option defines the operating system type. The -y option defines the comment;
macadamia is, of course, the hostname. We accepted the default values for the timeout and the retry intervals.
These could have been modified from the command line using the -T timeout and the -R retry options. See
the manpage for lpsystem for more information.
All UNIX systems provide some technique for sharing printers. The network administrator's task is to ensure
that the printers are accessible via the network and that they are properly secured.
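As an added illustration (not code from the book), the Python sketch below reads entries in the /etc/lp/Systems format described above and produces the lpsystem commands that would replace the default "+" entry with explicitly named hosts, using only the -r, -t and -y options shown in this section. The allow-list, the host brazil's entry, the treatment of '#' lines as comments, and the function names are assumptions made for the example.

```python
import shlex

# Constructed sample in the /etc/lp/Systems format shown above.
SYSTEMS = """\
+:x:-:s5:-:n:10:-:-:Allow all connections
macadamia:x:-:bsd:-:n:10:-:-:Linux PC in room 820
"""
# Hypothetical allow-list: host -> (OS type, comment).
ALLOWED = {
    "macadamia": ("bsd", "Linux PC in room 820"),
    "brazil": ("s5", "constructed example host"),
}

def parse_systems(text):
    """Parse colon-separated Systems entries into dicts."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue                      # assumption: '#' lines are comments
        f = line.split(":", 9)            # the comment field may hold colons
        if len(f) != 10:
            raise ValueError(f"expected 10 fields: {line!r}")
        entries.append({"host": f[0], "type": f[3], "timeout": f[5],
                        "retry": f[6], "comment": f[9]})
    return entries

def plan(entries, allowed):
    """Return lpsystem commands that replace broad access with the allow-list."""
    for host, (os_type, _) in allowed.items():
        if os_type not in ("s5", "bsd"):
            raise ValueError(f"{host}: type must be s5 or bsd")
    present = {e["host"] for e in entries}
    cmds = []
    # Add explicit hosts first so listed clients keep printing throughout.
    for host, (os_type, comment) in sorted(allowed.items()):
        if host not in present:
            cmds.append(f"lpsystem -t {os_type} -y {shlex.quote(comment)} {host}")
    # Then drop the '+' wildcard and any host that is not on the allow-list.
    for host in sorted(present - set(allowed)):
        cmds.append(f"lpsystem -r {shlex.quote(host)}")
    return cmds
```

The commands are returned as text for review rather than executed; adding the named hosts before removing "+" avoids a window in which permitted clients are refused.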

[Chapter 9] 9.3 Network Information Service

Chapter 9
Configuring Network Servers

9.3 Network Information Service
The Network Information Service (NIS) [9] is an administrative database that provides central control
and automatic dissemination of important administrative files. NIS converts several standard UNIX
files into databases that can be queried over the network. The databases are called NIS maps. Some
maps are created from files that you're familiar with from system administration, such as the password
file (/etc/passwd) and the groups file (/etc/group). Others are derived from files related to network
administration:
[9] NIS was formerly called the "Yellow Pages," or yp. Although the name has changed,
the abbreviation yp is still used.
/etc/ethers
Creates the NIS maps ethers.byaddr and ethers.byname. The /etc/ethers file is used by RARP
(see Chapter 2, Delivering the Data).
/etc/hosts
Produces the maps hosts.byname and hosts.byaddr (see Chapter 3, Network Services).
/etc/networks
Produces the maps networks.byname and networks.byaddr (see Chapter 3).
/etc/protocols
Creates the two maps protocols.byname and protocols.byaddr (see Chapter 2).
/etc/services
Produces a single map called services.byname (see Chapter 2).
/etc/aliases
Defines electronic mail aliases and produces the maps mail.aliases and mail.byaddr (see
Chapter 10).
Check the maps available on your server with the ypcat -x command. This command produced the
same map list on both our Solaris and Linux sample systems. Your server may display a longer list.
Here is the list from my Solaris system:
% ypcat -x
Use "passwd" for map "passwd.byname"
Use "group" for map "group.byname"
Use "networks" for map "networks.byaddr"
Use "hosts" for map "hosts.byname"
Use "protocols" for map "protocols.bynumber"
Use "services" for map "services.byname"
Use "aliases" for map "mail.aliases"
Use "ethers" for map "ethers.byname"

The advantage of using NIS is that these important administrative files can be maintained on a central
server, and yet remain completely accessible to every workstation on the network. All of the maps are stored
on a master server that runs the NIS server process ypserv. The maps are queried remotely by client
systems. Clients run ypbind to locate the server.
The NIS server and its clients are a NIS domain - a term NIS shares with DNS. The NIS domain is
identified by a NIS domain name. The only requirement for the name is that different NIS domains
accessible through the same local network must have different names. Although NIS domains and
DNS domains are distinct entities, Sun recommends using the DNS domain name as the NIS domain
name to simplify administration and reduce confusion.
NIS uses its domain name to create a directory within /var/yp where the NIS maps are stored. For
example, the DNS domain of our imaginary network is nuts.com, so we also use this as our NIS
domain name. NIS creates a directory named /var/yp/nuts.com and stores the NIS maps in it.
While the NIS protocols and commands were originally defined by Sun Microsystems, the service is
now widely implemented. To illustrate this, the majority of examples in this section come from Linux, not from Solaris. The syntax of the commands is very similar from system to system.
The command domainname checks or sets the NIS domain name. The superuser can make nuts.com
the NIS domain name by entering:
# domainname nuts.com
The NIS domain name is normally configured at startup by placing the domainname command in one
of the startup files. On Linux and Solaris systems, the value for the NIS domain name is taken from the
/etc/defaultdomain file. This file is used as input to a domainname command in one of the startup
files. As shown below, defaultdomain contains only the name of the NIS domain.
% cat /etc/defaultdomain
nuts.com
