Detailed settings of Ubuntu network printer port 631

After Ubuntu is installed by default, the system imposes security restrictions on the CUPS system, mainly including the following: 1. You cannot use the Web interface http: // localhost: 631/admin manages the Web of CUPS; 2. You cannot access the http: // localhost: 631 of the local machine through the Web interface on other machines to view the print status; 3. the printer of the local machine cannot be shared through IPP protocol on other machines. For the above three questions, you can follow your own needs

After Ubuntu is installed by default, the system imposes security restrictions on the CUPS system, mainly including the following:

1. You cannot perform Web management on CUPS through http: // localhost: 631/admin;
2. You cannot access the local http: // localhost: 631 through the Web interface on other machines to view the print status;
3. the printer of the local machine cannot be shared through IPP protocol on other machines.

For the above three questions, you can make different settings as needed:
1. The reason for this restriction is very simple. Because the cupsys user does not have the permission to access the/etc/shadow file, it cannot identify the authenticity of the user. To solve this problem, it is very simple, you only need to add the user to the passwd group. The command is as follows:
$ Sudo adduser cupsys shadow
In addition, the lpadmin group has the permission to manage printers. To set up a user with the permission to manage the CUPS system, you only need to add the user to the lpadmin group, if the print administrator is firehare, you only need the following command:
$ Sudo adduser firehare lpadmin
Enter
$ Sudo/etc/init. d/cupsys force-reload
Next, try entering http: // localhost: 631/admin in Firefox, and then entering the user and password in the superuser or lpadmin group to enter the management interface.

2. There are two reasons for this restriction:
First, there is a limit on one statement in the/etc/cups/cupsd. conf file:
> Listen 127.0.0.1: 631
The meaning of this sentence is obviously only listening on port 631 on the local loopback port, so it is certain that other machines cannot access it, so you need to change it:
> Port 631
In this way, other machines can access port 631 of the local machine.
Second, because the access permission has not been configured, if other machines access the Web interface of the CUPS System of the local machine through FireFox, a prompt page will appear that you do not have the permission to view. Continue to edit the cupsd. conf file:
> ########
>####### Security Options
> ########
>
> Order Deny, Allow
> Deny From All
> # Allow From 127.0.0.1
> Allow From 192.168.0 .*

Comment out 127.0.0.1 and add the CIDR block that you want to allow access to. Here I am a CIDR block of 192.168.0.0/24. If your CIDR block is small, you can also use a small CIDR block, in cupsd. the following format is allowed in the conf file:
# All
# None
# * .Domain.com
# .Domain.com
# Host.domain.com
# Nnn .*
# Nnn. nnn .*
# Nnn .*
# Nnn. nnn
# Nnn. nnn/mm
# Nnn. nnn/mmm. mmm
# @ LOCAL
# @ IF (name)
You can select the one that best suits you.
Then don't forget to restart the service:
$ Sudo/etc/init. d/cupsys force-reload
Open FireFox and try again? Can I see the webpage?
If you want to manage the CUPS of the local machine through the Web interface on other machines, you can continue to edit the cupsd. conf file:
>
> #
> # You definitely will want to limit access to the administration functions.
> # The default configuration requires a local connection from a user who
> # Is a member of the system group to do any admin tasks. You can change
> # The group name using the SystemGroup directive.
> #

> AuthType Basic
> AuthClass System

### Restrict access to local domain
> Order Deny, Allow
> Deny From All
> # Allow From 127.0.0.1
> Allow From 192.168.0.x

> # Encryption Required
>

3. To solve this problem, we must first allow other machines to find their native printers. If none can be found, how can we use them? Ubuntu places this feature separately in the/etc/cups/cupsd-browsing.conf file to prevent configuration overwrites due to the upgrade package file, so you only need to turn the browsing Off in the file into On. As follows:
> Browsing Off => Browsing On
Although there is also a/usr/share/cups/enable_browsing script in Ubuntu to set it to On, but I cannot run normally during the test, probably because of the/usr/share/cups/browsing_status script! Everything is the same, so I didn't go into details. Then, set the broadcast address for browsing in the/etc/cups/cupsd. conf file, disable it locally, and add the IP address of the CIDR Block 192.168.0.255:
> BrowseAddress @ LOCAL => # BrowseAddress @ LOCAL
> BrowseAddress 192.168.0.255
If your network segment is small, you can also use a small network segment. The following format is allowed in the cupsd. conf file:
# BrowseAddress x. y. z.255
# BrowseAddress x. y.0000255
# BrowseAddress x.00000000255
# BrowseAddress 255.255.255.255
# BrowseAddress @ LOCAL
# BrowseAddress @ IF (name)
Then, set the addresses that can be browsed:
> # BrowseAllow address
> # BrowseDeny address
> BrowseAllow 192.168.0 .*
> BrowseDeny all
>...
> # BrowseOrder allow, deny
> # BrowseOrder deny, allow
> BrowseOrder deny, allow
Save and restart cups
$ Sudo/etc/init. d/cupsys force-reload
In this way, we should be able to provide services!