The basic components of the LPRng system are the executables and the database files. This section deals with generating and installing the executable files.
The LPRng package consists of:
lpd
- the LPD print server programlpr
,
lpq
,
lprm
,
and
lpc
-
client programs for printing,
status queries, job removal, and server configuration respectively./etc/printcap
print queue database file./etc/lpd.conf
program configuration options./etc/lpd.perms
permission information.By default, the LPRng client programs are installed in
/usr/local/bin
and the lpd
server in
/usr/local/sbin
.
By tradition,
UNIX systems have installed printer utilities in
in widely varied locations such as
/usr/lib
,
/usr/bin
,
/usr/libexec
,
/usr/ucb
,
/opt
,
/usr/sbin
,
and
/usr/etc/
.
During installation the old print system files should either be renamed or removed.
The
/etc/printcap
file contains the printer database information.
Information in this file can override the
/etc/lpd.conf
and default configuration information.
The
/etc/lpd.conf
file contains configuration
information for the server and client programs.
The compiled in defaults should be suitable for most small user installations.
The
/etc/lpd.perms
file contains the permission database information.
gmake
in the installation instructions.In the following discussion,
the LPRng distribution will have the name
LPRng-<version>.tgz
.
Unpack, configure, compile, and install, and initialize the distribution using:
gunzip -c LPRng-<version>.tgz | tar xvf -
cd LPRng-<version>
# see discussion below for configuration options
./configure
gmake clean all
su # you must do the following commands as root
gmake install
# if you have not installed LPRng before,
# install default lpd.perms and lpd.conf file in /etc
if [ ! -f /etc/lpd.perms ]; then
make default;
fi;
# update permissions, create files needed for LPRng, check
# /etc/printcap file for problems. Do as root:
./src/checkpc -f
The configure
script will determine the type of system and establish a set of defaults
for compilation and installation.
The LPRng/INSTALL
file contains detailed descriptions of the various configuration options and
capabilities.
If you have problems compiling the package, you can try these things:
gcc
instead of your vendor's C compiler.
This can be done either by setting
the
CC
environment variable or using the
--with-cc
configure option.
CC=gcc ./configure
OR
configure --with-cc=gcc
/usr/local/include
and libraries are in
/usr/local/include
and these paths are not searched or used by the compiler.
This can be fixed by setting the
CPPFLAGS
and LDFLAGS
environment variables,
or using the
--with-cppopts=
and
--with-ldopts=
configure options.
CPPFLAGS="-I/usr/local/include -I/usr/include/kerberosIV" \
LDFLAGS="-L/usr/local/lib -L/usr/lib/kerberosIV" \
./configure
OR
configure --with-cppopts="-I/usr/local/include -I/usr/include/kerberosIV" \
--with-ldopts="-L/usr/local/lib -L/usr/lib/kerberosIV"
--with-lpddir
,
--exec-prefix=
,
--bindir=
,
--sbindir=
,
and other basic
configure
options.The configure
and make
steps must be run on
the target host,
especially if the target host has a different version of the operating system.
This is extremely important for SunOS or Solaris,
where
there tend to be changes in the system's include files between
versions
as well as support libraries.
Also read the notes for your OS in section System-dependent notes for specific installation help (if any).
While the default LPRng configuration will be suitable for most individual users, administrators of large sites or which need to support lightweight print clients will need to use the following configure options.
--disable-force_localhost
lpd
print spooler running on the local host system.
However,
many larger sites prefer that all users do their printing via a
few central servers,
and do not run
lpd
servers on user systems.
The
--disable-force_localhost
configuration will simply this type of operation by eliminating the need for
a
/etc/lpd.conf
file to override the force_localhost
option.
Example:
./configure --disable-force_localhost
--disable-lpd_bounce
The default LPRng configuration assumes that each
lpd
server will process and modify print jobs as they are forwarded
from server to server.
While this is usually the desired operation on small sites or on individual systems,
this is usually not the desired operation on sites running central servers,
as will requires distributing filter software to all the user workstations.
Example:
./configure --disable-lpd_bounce
The /etc/printcap
file contains the definitions of print queues
and other information used by LPRng.
If your system does not have an /etc/printcap
file,
then the following is suitable for initial testing and configuration:
# test printcap file
lp:cm=Test Printcap Entry:
:lp=/dev/null
:sd=/usr/spool/lpd/lp
The /etc/ifhp.conf
file contains settings that override the defaults provided at compile time.
You will find a prototype or template ifhp.conf
file in the LPRng distribution.
You can install this by using:
astart > cd LPRng
astart > su
ASTART # make init
or
ASTART # cp /etc/ifhp.conf /etc
ASTART # chmod 644 /etc/ifhp.conf
By default,
the lpd
server is run as a ROOT (user 0)
process.
(This is true not only for LPRng, but also for all
other system processes which are started at boot time.)
However,
normally LPRng will do operations as a non-privileged user and group
which is defined by the value of the
user
(default daemon
) and
group
(default daemon
) option
in the /etc/lpd.conf
configuration file
or the compile time defaults in the
LPRng/src/vars.c
file.
The following steps must be taken in order to preserve system security:
daemon
on the system.
This user does not need login privileges,
but will need a home directory if secure authentication
such as Kerberos or PGP will be done./etc/lpd.conf
file should be owned by root (user 0),
and should have read-only (0444) permissions./etc/printcap
file should be owned by root (user 0),
and should have read-only (0444) permissions.daemon
, group daemon
,
and have 0700 permissions (accessible only by user daemon
).The
checkpc
program is used to make sure that
the spool directories and files used by LPRng have the correct permissions
and are in place.
By default,
checkpc
will check permissions and report if there are any problems.
You should run this as root
.
For example:
% astart > su
#>cd LPRng/src
#>./checkpc
Warning - No configuration file found in '/etc/lpd.conf:/usr/etc/lpd.conf'
Warning - No lpd only printcap file found in '/etc/lpd_printcap,/usr/etc/lpd_printcap'
Warning - ** cannot open '/var/run/lpd.printer' - 'Permission denied'
Warning - bad directory - /var/spool/lpd/lp
Warning - Printer_DYN 'lp' spool dir '/var/spool/lpd/lp' needs fixing
In the above example,
checkpc
has discovered that the /etc/lpd.conf
file is missing.
This is not a serious problem if the system defaults are to be used,
but you might want to put the default LPRng/lpd.conf
file from the
distribution in place.
The lpd only printcap message is usually of concern to administrators who wish to use some of LPRng's more exotic configuration options. It is possible to have separarte printcap databases for client and server programs. This is useful when printcap files get extremely large and cuts down substantially on system management problems.
The permission denied message for /var/run/lpd.printer
is more serious,
as the lpd
server uses this as a lock file.
The bad directory message about the spool directory is usually caused by bad permissions or when the directory is missing.
The checkpc -f
option causes checkpc
to take action to rectify errors.
You can see what is happening if you run it with the -V
(vervose) option:
% astart > su
#>cd LPRng/src
# ./checkpc -f -V
LPRng version LPRng-3.6.1
DaemonUID 1, DaemonGID 12
Using Config file '/etc/lpd.conf:/usr/etc/lpd.conf'
Checking for configuration files '/etc/lpd.conf:/usr/etc/lpd.conf'
Warning - No configuration file found in '/etc/lpd.conf:/usr/etc/lpd.conf'
Checking for printcap files '/etc/printcap,/usr/etc/printcap'
found '/etc/printcap', mod 0100644
Checking for lpd only printcap files
'/etc/lpd_printcap,/usr/etc/lpd_printcap'
Warning - No lpd only printcap file found in
'/etc/lpd_printcap,/usr/etc/lpd_printcap'
LPD lockfile '/var/run/lpd.printer'
checking '/var/run/lpd.printer' file
Names
:lp=lp
All
:lp
Printcap Information
lp
:force_localhost
:lp=lw4@astart4.astart.com
:sd=/var/spool/lpd/lp
Checking printcap info
Checking printer 'lp'
Checking directory: '/var/spool/lpd/lp'
file 'control.lp', size 0 K, unchanged in 2 hours
file 'status.lp', size 0 K, unchanged in 2 hours
file 'status', size 0 K, unchanged in 2 hours
file 'log', size 0 K, unchanged in 2 hours
checking 'control.lp' file
checking 'status.lp' file
checking 'status' file
cleaning 'status' file, 0 bytes long: no truncation
checking 'log' file
cleaning 'log' file, 0 bytes long: no truncation
# ./checkpc
Warning - No configuration file found in '/etc/lpd.conf:/usr/etc/lpd.conf'
Warning - No lpd only printcap file found in '/etc/lpd_printcap,/usr/etc/lpd_printcap'
As you can see, checkpc
can not only print detailed information about your
printing system, but it also fixes up the various problems.
While checkpc
will set permissions,
there is always the problem with undetected errors in the LPRng
software that,
when exploited,
could cause severe system problems.
The most serious concern is that of gaining root (user 0) permissions.
One way to avoid this is to run client programs without root permission. This is the default operation for LPRng, in contrast to other print spooling software.
A remaining problem is the fact that on most UNIX
platforms,
lpd
requires root permissions to open port 515.
One option is to have the lpd
server drop root permissions
soon after binding to this port and before accepting any user
commands.
However,
in order to be compatible with RFC1179,
lpd
must originate connections from a reserved
port in the range 721-731,
although in practice port 1-1023 seems to be acceptible.
If interoperability with existing print spoolers is not desired,
then it is trivial
to configure LPRng using the lpd.conf
file or by modifying the compile time
lpd_port
value in the file or the LPRng/src/vars.c
so that all the software will run
as client programs.
For example,
in the /etc/lpd.conf
file,
you only need to change the indicated lines:
# Purpose: lpd port
# default lpd_port=printer
lpd_port=2000
Now all the LPRng software will use port 2000 to transfer jobs and commands. You can also use this facility to establish a private set of print spoolers which can be used for testing.
The next step is to shut down and remove the existing print
spooler,
and test the functionality of the LPRng lpd
programs.
Unfortunately,
this process is fairly system dependent,
and requires a small amount of system expertise.
In addition to these general directions,
you should see the
System specific notes for your system.
This section provides instructions for systems that use the
lpd
print services,
such as SunOS,
BSD derived systems,
and Linux based systems.
These systems use an lpd
print server,
as does LPRng.
We first kill the currently running lpd
process.
While there may be a system shutdown script
in the /etc/rc.d/
directory or other location for this,
do not bother using it.
# most BSD Systems
ps -auxw |grep lpd
# Kill it twice
kill (pid of lpd server)
# This should report an error - if not then lpd did not terminate
kill (pid of lpd server)
#
Example:
astart % ps -axuw |grep lpd
papowell 23932 0.0 0.3 224 184 p3 S+ 10:40AM 0:00.01 grep lpd
daemon 17763 0.0 0.2 448 120 ?? IWs 29Mar99 0:01.35 (lpd)
astart % kill 135
astart % kill 135
135: No such process
Next,
you should remove or rename the existing print system executables.
The following example shows how to use the
find
utility to track down candidates.
astart# find /usr -type f -name lp\* -print >/tmp/candidates
astart# find /sbin -type f -name lp\* -print >>/tmp/candidates
astart# cat /tmp/candidates
/usr/bin/lpunlock
/usr/bin/lpqall.faces
/usr/bin/lpq <---- old
/usr/bin/lpr <---- old
/usr/bin/lprm <---- old
/usr/bin/lptest
/usr/doc/samba-1.9.18p10/examples/printer-accounting/lp-acct
/usr/man/man1/lpq.1
/usr/man/man1/lpr.1
/usr/man/man1/lprm.1
/usr/man/man1/lptest.1
/usr/man/man4/lp.4
/usr/man/man8/lpc.8
/usr/man/man8/lpd.8
/usr/sbin/lpc <--- old
/usr/sbin/lpd <--- old
/usr/sbin/lpf <--- old
/usr/local/bin/lpc <-- LPRng
/usr/local/bin/lpq <-- LPRng
/usr/local/bin/lpr <-- LPRng
/usr/local/bin/lprm <-- LPRng
/usr/local/sbin/lpd <-- LPRng
astart # mv /usr/bin/lpq /usr/bin/lpq.old
astart # mv /usr/bin/lpr /usr/bin/lpr.old
astart # mv /usr/bin/lprm /usr/bin/lprm.old
astart # mv /usr/sbin/lpc /usr/sbin/lpc.old
astart # mv /usr/sbin/lpd /usr/sbin/lpd.old
astart # mv /usr/sbin/lpf /usr/sbin/lpf.old
...
The original SysVR4 and other related systems did not have any support for RFC1179 network printing (Berkeley LPD). Support for this was added by various manufacture specific methods. Unfortunately, there are a wide range of possibilities.
The lpsched
process (/usr/lib/lp/lpsched/
)
process performs many of the functions of the LPRng and BSD
lpd
server.
On Solaris systems,
it also stats the
lpNet
server that provides network print services.
Unfortunately,
no simple and reliable method of shutting down a running lpsched
process
and the associated network services has been found.
However,
it turns out to be very simple to prevent the services from
being started.
First,
you will need to locate the /etc/rc
startup files
that start system services.
During system startup,
a set of shell scripts stored in the /etc/rc.d
diretories are executed.
The individual startupfile files are usually links to a
common one in the /etc/init.d
directory.
You first need to find the files containing the startup commands.
This is done as shown below:
SUN # cd /
SUN # grep -l lpsched /etc/rc* /etc/rc*/* init.d/* init.d/*/* >/tmp/files
SUN # cat /tmp/files
/etc/rc0.d/K20lp
/etc/rc2.d/K20lp
/etc/rc2.d/S80lp
/etc/init.d/lp
># ls -l ` cat /tmp/files `
lrwxrwxr-x 1 root bin 1 Dec 29 23:39 /etc/rc0.d/K20lp -> ../../init.d/lp
lrwxrwxr-x 1 root bin 1 Dec 29 23:39 /etc/rc2.d/K20lp -> ../../init.d/lp
lrwxrwxr-x 1 root bin 1 Dec 29 23:39 /etc/rc2.d/S80lp -> ../../init.d/lp
-rwxr--r-- 5 root sys 460 Sep 1 1998 /etc/rcS.d/K39lp
Here is the contents of the typical script file, with the indicated modifications that should be made for testing
#!/sbin/sh
#### ADD THE FOLLOWING LINE TO EXIT EARLY
exit 0
#### THE REST IS THE USUAL SCRIPT
case "$1" in
'start')
[ -f /usr/lib/lpsched ] && /usr/lib/lpsched ;;
'stop' )
[ -f /usr/lib/lpshut ] && /usr/lib/lpshut ;;
*)
echo "Usage: $0 { start | stop }"
exit 1
esac
exit 0
Next, as for the BSD installation, we will find all of the printing related commands and rename them. You can either rename them one by one, or use the script method shown below. The minimum of the indicated files should be renamed.
SUN # find /usr -type f -name lp\* -print >/etc/printingfiles
SUN # cat /tmp/printingfiles
/usr/bin/lp <---
/usr/bin/lpstat <---
/usr/lib/lp/bin/lp.cat
/usr/lib/lp/bin/lp.set
/usr/lib/lp/bin/lp.tell
/usr/lib/lp/lpNet <---
/usr/lib/lp/lpsched <---
/usr/lib/lp/lpdata <---
/usr/sbin/lpadmin <---
/usr/sbin/lpfilter <---
/usr/sbin/lpforms <---
/usr/sbin/lpmove <---
/usr/sbin/lpshut <---
/usr/sbin/lpsystem <---
/usr/sbin/lpusers <---
/usr/ucb/lpc <---
/usr/ucb/lpq <---
/usr/ucb/lpr <---
/usr/ucb/lprm <---
/usr/ucb/lptest
SUN # for i in ` cat /tmp/printingfiles ` ; do
> mv $i $i.old
> done
Next, you find if there is a cron job scheduled
by the file
/var/spool/cron/crontabs/lp
to periodically update and roll over error logs.
If there is, you should
(after having saved the file)
remove it.
cp /var/spool/cron/crontabs/lp /etc/cron.crontabs.lp
Check the /etc/inetd.conf
file for a line like:
printer stream tcp nowait root /usr/lib/print/in.lpd in.lpd
Comment out this line. This line is not present on all systems.
Now we must reboot the machine. You can use
reboot
if you are in a rush,
and shutdown
if you are not.
SUN # reboot
or
SUN # shutdown -y "Whooga! Whooga! Dive! Dive! System going down."
When the system reboots,
check to make sure that the
lpd
server is not listening on port 515.
SUN # telnet localhost 515
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
If you do get a connection established
then you must use nlsadmin
to force the
tcpip listener to release the port, as illustrated below.
SUN # nlsadmin -v tcp
lpd \x00020203000000000000000000000000 ENABLED \
NORPC root NOMODULES /var/spool/lp/fifos/listenBSD #
0 \x00020ACE000000000000000000000000 ENABLED \
NORPC root NOMODULES /usr/lib/saf/nlps_server #
lp NOADDR ENABLED NORPC root NOMODULES \
/var/spool/lp/fifos/listenS5 #
SUN # nlsadmin -r lpd tcp
SUN # nlsadmin -r lp tcp
Once you disable this, you should try to reconnect to port 515. If you still cannot, then you have a problem and need to reboot once more.
We will now run the lpd
executable in the
foreground
and test
mode,
and make sure that our system configuration is
correct.
It is best to do this with two screens or windows,
as you will want to observe the output.
# > /usr/local/bin/lpd -F
Fatal error - Another print spooler is using TCP printer port
# > /usr/local/bin/lpd -F -D1
...
1999-04-05-10:02:37.755 astart10 [28903] lpd Read_file_and_split: \
cannot open file '/etc/lpd.perms' - No such file or directory
1999-04-05-10:02:37.758 astart10 [28903] lpd Read_file_and_split: \
cannot open file '/usr/etc/lpd.perms' - No such file or directory
1999-04-05-10:02:37.759 astart10 [28903] lpd Build_printcap_info: \
list->count 0, raw->count 3
1999-04-05-10:02:37.777 astart10 [28903] lpd lpd: listening socket fd -6
Fatal error - Another print spooler is using TCP printer port
1999-04-05-10:02:37.782 astart10 [28903] lpd Get_max_fd: getrlimit returns 64
1999-04-05-10:02:37.783 astart10 [28903] lpd Get_max_fd: returning 64
1999-04-05-10:02:37.786 astart10 [28903] lpd cleanup: done, doing killpg \
then exit(0)
If you get the above error message,
then you have either not killed off other the running lpd
server
or you are not starting the lpd
server as ROOT.
This is the most common error during setup.
Correct the problem and then restart the server if neccessary.
You should see the output indicated below:
# > /usr/local/bin/lpd -F -D1
1999-04-05-14:35:14.023 astart27 [2667] Waiting lpd: LOOP START
1999-04-05-14:35:14.024 astart27 [2667] Waiting Get_max_servers: getrlimit returns 256
1999-04-05-14:35:14.024 astart27 [2667] Waiting Get_max_servers: returning 128
1999-04-05-14:35:14.025 astart27 [2667] Waiting lpd: max_servers 128, active 0
1999-04-05-14:35:14.025 astart27 [2667] Waiting lpd: starting select timeout 'yes', 600 sec
Now from another window do the following commands:
# > lpq -Plp@localhost
Printer: lp@astart
Queue: no printable jobs in queue
# > lpq
Printer: lp@astart
Queue: no printable jobs in queue
At this point your LPRng software has been installed and tested.
You still need to set up
Startup Scripts
to automatically start it at boot time,
and
/etc/printcap
entries for your printers.
The purpose of startup scripts is to automatically start the lpd
print server at boot time.
Again,
the location and contents of these depend strongly on the
version of the Operating System, and system vendor.
In most of these systems the startup script
for
lpd
is already present in the
/etc/rc
files
and only has to be modified.
It can be found by using:
ASTART # grep -l lp /etc/rc* /etc/rc*/* /etc/rc*/*/*
/etc/rc
ASTART # more /etc/rc
...
if [ -f /etc/printcap ]; then
echo -n ' printer'; /usr/sbin/lpd
fi
Modify this file so that path is to the LPRng lpd
file.
These systems have individual startup files for each printing service. We need to update the startup files to reference the LPRng executables.
SUN # grep -l lp /etc/rc* /etc/rc*/* init.d/* init.d/*/* >/tmp/files
SUN # cat /tmp/files
/etc/rc0.d/K20lp
/etc/rc2.d/K20lp
/etc/rc2.d/S80lp
/etc/init.d/lp
># ls -l ` cat /tmp/files `
lrwxrwxr-x 1 root bin 1 Dec 29 23:39 /etc/rc0.d/K20lp -> ../../init.d/lp
lrwxrwxr-x 1 root bin 1 Dec 29 23:39 /etc/rc2.d/K20lp -> ../../init.d/lp
lrwxrwxr-x 1 root bin 1 Dec 29 23:39 /etc/rc2.d/S80lp -> ../../init.d/lp
-rwxr--r-- 5 root sys 460 Sep 1 1998 /etc/rcS.d/K39lp
Modify the startup files so that they use the LPRng lpd
executable:
#!/sbin/sh
case "$1" in
'start')
[ -f /usr/local/bin/lpd ] && /usr/local/bin/lpd
;;
'stop')
echo "Shutting down lpd: \c"
kill -2 `cat /var/run/lpd*` >/dev/null 2>1;
;;
*)
echo "Usage: $0 { start | stop }"
exit 1
esac
exit 0
Many UNIX utilities in the Solaris and HP UNIX environment use the
UNIX System V lp
and lpstat
programs.
It is almost impossible to modify the programs themselves,
as many are vintage software that is unsupported or which would
be too costly to update.
In order to support these applications,
LPRng provides simulation for the
lp
,
lpstat
,
and
clean
commands.
The LPRng lpstat
command is a modified version of the
lpq
command,
and accepts the lpstat
command line options and tries to return
status in an lpstat
format.
If the lpr
program is invoked with the name lp
,
it will simulate the lp
options.
Finally, if the lprm
program is invoked with the name cancel
,
it will simulate the lp
options.
This can be done by using symbolic links or copying the programs.
Note that many of the vintage
applications have fully qualified
paths to the lp
and lpstat
executables,
so it will be nessary to copy them to the original program locations.
# original - /usr/bin/lp
# original - /usr/bin/lpstat
cd /usr/local/bin
cp lpr /usr/bin/lp
cp lpstat /usr/bin/lpstat
cp lprm /usr/bin/cancel
See the man pages for lp, lpstat, and cancel in the LPRng/man directory. Not all the functions of the original programs are supported and these man pages should be installed to replace the original lp, etc, man pages.