About Setting Printing Policies

In addition to, or as part of, setting up printing services at your site, the LP print service offers several options you may want to consider when setting the printing policies at your site.

Controlling the System Printer Destination

You should provide a printer destination for each print client system. There are two ways you can set the default printer destination:

• Set the LPDEST environment variable.
• Set a printer destination for the LP print service.

Some applications attempt to control the printer destination for print requests that they originate.

When an application provides a printer destination, that destination is used by the LP print service, regardless of whether the LP print service has a destination or the LPDEST environment variable is set.

When a destination is specified for the LP print service, it is used when no printer name is included as part of the print request, and the LPDEST environment variable is not set.

Setting Banner Page Policy

A banner page identifies the user who submitted the print request, the print request ID, and when the request was printed. A banner page can also have an optional title that the requester can use to better identify a printout.

Banner pages make identifying the owner of a print job easy, especially when many users submit jobs to the same printer. Printing banner pages uses more paper, however, and may not be necessary if a printer has only a few users. In some cases, printing banner pages is undesirable. For example, if a printer has special paper or forms mounted, like paycheck forms, printing banner pages may cause problems.

By default the LP print service forces banner pages to be printed, regardless of whether or not the user specifies the nobanner option. You can change this policy to allow users to turn off the printing of a banner page when they make a print request.

Permitting Users to Enable or Disable a Printer

You must also decide whether users are allowed to enable or disable printers. The enable and disable commands, by default, are owned by lp, and may only be run by lp or root. You can, however, give users the ability to control access to printers with the enable and disable commands.

If your organization decentralizes responsibility for printer operations, you probably want to permit users access to the enable and disable commands. If you want to control printers and restrict others from interfering with print service operation, then do not change the permissions that restrict access to these commands.

You can also change the permissions on other LP administrative commands to grant users access to them.

Setting Printer Fault Alerts

You can choose one of several ways to receive an alert about a printer fault, including:

• Electronic mail
• Message written to your login terminal (usually system console window)
• Message specified by a program of your choice
• No alerts

The default is to write a message to the terminal to which you (root) are logged in. Unless you specify a program to deliver alerts, the content of the alert is predefined.

The LP print service provides a way to detect printer faults and alert the system administrator to them. Some faults are as simple as running out of paper or needing to replace a toner cartridge. Other more serious problems may include complete printer failure or power failure.

The LP print service recognizes only two fault indicators:

• A drop in carrier
• An XOFF not followed in reasonable time by an XON

Print filters recognize other printer fault indicators, and rely on the LP print service to alert you to a fault when the filter detects it.

---

Note - If you choose to receive no alerts, you need a way to find out about printing faults, so you can correct the problem. The LP print service will not continue to use a printer that has a fault.

---

Using the lpadmin -A command, you can control the following aspects of printer fault alerts:

• Choose the method by which alerts are sent

  · By email, using the -A mail option

  · By message to the console window, using the -A write option

  · By message specified by a program, using the -A 'command' option

  · No alerts, using the -A none option

• Choose to receive repeated alerts every few minutes until the fault is cleared, using the -W minutes option

---

Note - You can specify which user receives email or message alerts. If you choose to receive email or a message written to your console window, the mail or message is sent to the current ID, which may not be your login ID if you use the su command to change IDs. You can set alerts for these parts of the LP print service:

---

• Printer faults
• Mounting forms
• Mounting print wheels

Specifying Printer Fault Recovery

As part of printer fault handling, the LP print service sometimes disables those printers for which it encounters faults. When the printer is ready for printing again, the LP print service recovers in one of three ways:

• It restarts printing at the beginning of the print request that was active when the fault occurred.
• It waits for you to tell the LP print service to re-enable the printer.
• It continues printing at the top of the page where printing stopped.

---

Note - A print filter is required for the LP print service to be able to continue printing at the top of a page where printing stops. Such a filter tracks the control sequences used by the printer to track page boundaries and where in a file printing stopped. The default filters used by the LP print service cannot do this. You will be notified by the LP print service if recovery cannot proceed as you specify because of the filter. See Appendix B, "Understanding and Customizing the LP Print Service," for information about writing filters.

---

You can tell the LP print service which way to recover from a printer fault. If you do not specify how the LP print service will recover after a printer fault is cleared--and if a suitable filter is provided--the print service tries to continue printing at the top of the page where printing stopped. If it cannot, the print service starts printing at the first page of the print request.

If you specify continue printing from the top of the page for failure recovery, but the interface program does not continue running so that it can detect when the printer fault has been cleared, printing is attempted every few minutes until it succeeds. You can force the LP print service to retry immediately by issuing an enable command.

Defining Classes of Printers

The LP print service allows you to group several local printers into one class. This allows a user to specify a class (rather than individual printers) as the destination for a print request. The first printer in the class that is free to print is used. The result is faster turnaround, as printers are kept as busy as possible.

There are no default printer classes known to the LP print service; printer classes exist only if you define them. You are not obligated, however, to define printer classes. You should add them only if you determine that using printer classes will benefit the network users.

Here are some ways you could define printer classes:

• By printer type (for example, PostScript)
• By location (for example, 5th floor)
• By work group or department (for example, Accounting)

Alternatively, a class might contain a group of printers that are used in a particular order. The LP print service always checks for an available printer in the order that printers were added to a class. Therefore, if you want a high-speed printer to be accessed first, you would add it to the class before you add a low-speed printer. As a result, the high-speed printer would handle as many print requests as possible. The low-speed printer would be reserved as a backup printer when the high-speed printer is in use.

---

Note - Print requests are balanced between printers in a class only for local printers. When a print client attempts to print to a class of printers on a print server, only the first printer defined in the class is used.

---

Class names, like printer names, must be unique and may contain a maximum of 14 alphanumeric characters and underscores.

Adding a Printer Description

You can add a descriptive message for each printer to the LP print service to help network users identify printers. The description can contain any message you like. You might include the room number where the printer is located and the name of the person to call if there are printing problems. The message is displayed by using the lpstat -D -p printer-name command.

Setting Priority Limits

You can set a default queue priority for all print requests, set queue priority limits for each user, and adjust the queue priority for individual print requests.

The LP print service provides a simple priority mechanism so that users and administrators can adjust the position of a print request in the queue. Users can ask for a priority level--a number from 0 to 39--when they submit a print request. The lower the number, the higher the priority level. Requests with higher priority are placed ahead of requests with lower priority.

You can adjust the priority levels of users in the following ways:

• Assign each user a priority limit. Users cannot submit a print request with a priority higher than the assigned limit, although they can submit a request with a lower priority.
• Assign a default priority limit for the users not assigned a personal limit.

You can also set a default priority, which is automatically given requests to which users do not assign a priority. The LP print service automatically assigns every print request a priority of 20.

By setting the priorities according to your needs, you can prevent lower-priority tasks from interfering with higher-priority printing tasks.

You can also assign "immediate" or "hold" priorities if you need to pre-empt the job currently printing.

Creating allow and deny Lists

You can control users' access to printers and forms by creating allow and deny lists. An allow list contains the names of users granted access to the specified printer or form; a deny list contains the names of users denied access to the specified printer or form.

This method of allowing or denying access to printers and forms is similar to the method that allows or denies access to the cron and at facilities.

The rules for allow and deny lists are:

• When you do not create an allow or deny list, all users may use the printer or form.
• When both allow and deny lists are empty, there are no restrictions on who may use the printer or form.
• Specifying all in the allow list allows all users access to the printer or to print on the form. Specifying all in the deny list denies access to all users except lp and root.
• When the allow list contains entries, only those users who are listed can access the printer or print on the form. The deny list is ignored.
• When the allow list is empty or does not exist, users who are listed in the deny list are not allowed access to the printer or to print on the form.

Each item in the user-list can take any form shown in Table 6-1. Separate each item by either a space or a comma. If you use spaces to separate the names, enclose the entire list (including the allow: or deny:) in quotation marks.

Table 6-1 allowdeny

Item	Description
user	User on any system
all	All users on all systems
system!user	User on system only
!user	User on local system only
all!user	User on any system

Table 6-1 allowdeny

Item	Description
all!all	All users on all systems
system!all	All users on system
!all	All users on local system

---

Note - Make sure that the allow and deny lists for print servers and their print clients match. If the two sets of lists do not match, users may receive conflicting messages about a printer accepting jobs and then refusing jobs.

---

You can also create allow and deny lists to control a certain printer's access to specific forms. In that case, the lists contain form names rather than user names.

Controlling User Access to Printers

You can control which users on any system can have access to some or all of the available printers. For example, you may want to prevent some users from printing on a high-quality printer to minimize expense. To restrict user access to printers, you can create allow and deny lists (using lpadmin; the Printer Manager enables you to create only allow lists). If you create neither, all users have access.

If you use allow access lists on print clients and print servers, make sure the lists match--because after an allow list on a system limits access to only the users in the list. If a user is in the allow list on the print client but not in the allow list on the print server, his or her print request is allowed on the client, but when it gets to the print server, the request is denied. If, on the other hand, a user is denied permission to use a printer on a print server, you do not need to include that user in the deny list on the print client system. Users in the print server deny list are denied access to the remote printer.

As a courtesy to users, however, you might want to make the deny lists for print servers and clients match. In that way, you can be sure that when client users try to access a printer that they are not authorized to use, an immediate message is displayed saying that permission to use the printer is denied.

However, you have to decide whether it is worth it--maintaining matching lists on multiple systems--to achieve the benefit of getting messages to users faster. On the downside, the messages may be wrong if the access lists change over time. If you create access lists only on the print server, it is much easier to administer. This policy has been adopted by the Printer Manager, which allows you to create and maintain only an allow access list on the print server. The inability to create a deny list may be inconvenient at times--like when you want to exclude a few out of many users--but the simplicity of dealing with only one type of access list is worth it.

Instructions for Setting Printing Policies

This section provides step-by-step instructions for performing tasks related to setting printing policies. For many tasks, you will find an example of user input and system output after the instructions.

· How to Set the System Printer Destination

1. On the print server or print client, become root or lp.

2. Type lpadmin -d printer-name or class-name and press Return. The printer you specify is established as the default printer for the system. The printer can reside on a remote print server. You should perform this step during initial printer setup, but you can set or change the default print request destination later. When a user does not specify the destination for a print request, the LPDEST environment variable is checked. If that fails, then the default printer for the system defined in this step is used.

· How to Control Printing of Banner Pages

* Type lpadmin -p printer-name -o nobanner or banner and press Return. The default is the banner option, which forces a banner page to print with every print request, even if users ask for no banner page. When you specify -o nobanner, users are allowed to ask for no banner page (lp -o nobanner), and the request is honored.

· How to Control Access to enable and disable Commands

By default, you must become root or lp to use the LP administrative commands.

To give all users permission to run enable and disable commands: 1. On the print server, type ls -l /usr/bin/enable\ /usr/bin/disable and press Return.

Check that lp is the owner of these commands.

2. If lp does not own the commands, type

   chown lp /usr/bin/enable /usr/bin/disable and press Return. lp now owns the commands.

3. Type chmod u+s /usr/bin/enable /usr/bin/disable and press Return.

   The set user ID bit is set so that users can access the commands.

To prevent others from running enable and disable commands: * Type chmod u-s /usr/bin/enable /usr/bin/disable and press Return.

Clearing the set user ID bit prevents users other than root or lp from running the enable and disable commands.

---

Note - You can also change the permissions on other LP administrative commands to grant or deny users access to them.

---

· How to Specify Alerts for Printer Faults

To specify alerts for printer faults: * Type lpadmin -p printer-name -A type -W minutes and press Return. Use the table below to choose the type of alert. If you do not specify the type of alert to give for printer faults, a message will be written once to the terminal on which you (root) are logged in.

Table 6-2

Type	Description
'mail [username]'	Send the alert message by email to the administrator (root or lp, depending on who ran lpadmin), or the specified user.
'write [username]'	Send the alert message to the system console window of the current user, or the specified user.
'command'	Run the command file for each alert. The environment variables and current directory are saved and restored when the file is executed.
none	Do not send any messages.

This command asks for notification. The notification is sent according to the desired alert type and number of minutes specified between alert reminders. If you omit -W, the message is sent once. You do not specify the alert message. It is a predefined message that says the printer has stopped printing and needs to be fixed.

To stop alerts for the current printer fault: * On the print server, type lpadmin -p printer-name -A quiet and press Return.

When you (root or specified user) receive repeated alerts, this command suppresses alerts for the specified printer until the printer fault has been fixed, and the printer is enabled.

---

Note - If printer-name is all in any of the previous commands, the alert condition applies to all printers on the system.

---

Examples of Specifying Alerts for Printer Faults

To send email alerts to a user named joe for a printer named mars, with reminders every 5 minutes:

# lpadmin -p mars -A 'mail joe' -W 5

To receive message alerts at the terminal on which root is logged in (console window) for a printer named venus, with reminders every 10 minutes:

# lpadmin -p venus -A write -W 10

To receive no alerts for a printer named mercury:

# lpadmin -p marcury -A none

· How to Specify Fault Recovery

1. On the server, become root or lp.

2. Type lpadmin -p printer-name -F fault-recovery and press Return. Use the table below to choose the type of recovery you want for any print request stopped because of a printer fault.

Table 6-3

Type	Description
beginning	Start printing the request again from the beginning.
continue	Continue printing the request from the top of the page where printing stopped. This requires a filter to wait for the fault to be cleared before automatically continuing.
wait	Disable printing on the printer, and wait until it is re-enabled. Resume printing at the top of the page where the request stopped, unless lp -i is used to specify where printing should resume.

Re-enable the printer after you clear a fault, so that printing can resume immediately.

· How to Define a Class of Printers

---

Note - Print requests are balanced between printers in a class only for local printers. When a print client attempts to print to a class of printers on a print server, only the first printer defined in the class is used.

---

1. On the print server, become root or lp.

2. Type lpadmin -p printer-name -c printer-class and press Return. The printer you named is added to the end of the list in the class you named. If the printer class does not exist, it is created.

# lpadmin -p slw2 -c roughdrafts

· How to Add a Printer Description

1. On both the print server and print clients, become root or lp.

2. Type lpadmin -p printer-name -D "comment" and press Return. The comment message describes characteristics of the printer, like location or administrative contact. Use single quotation marks if the message contains characters that the shell might interpret (like *, ?, \, !, ^).

# lpadmin -p slw2 -D "Laser across from Ken's office"

· How to Set Default Priority and Priority Limits for Users

1. On both the print server and print clients, become root or lp.

2. Type lpusers [option] and press Return.

   Use the table below to choose the option you want.

Table 6-4

Option	Description
-d level	Sets the system-wide priority level for print requests. This is the priority level a user's print request is given when the user does not explicitly set the request's priority. (Default is 20.)
-q level	Sets the default highest priority level that applies to all users not explicitly assigned an upper limit with -q and -u options combined.
-u user-list	Removes the priority limit set for the specified users. If you have set a default limit, it now applies.
-q level -u user-list	Sets the highest priority level at which the specified users can submit print requests. Otherwise, the highest priority is 0. (Priority runs from 0, highest, to 39, lowest.) Type a list of user names separated by commas or enclose the list in quotation marks. You can qualify user names as follows: system-name!user-name - Named user on named system system-name!all - All users on named system all!user-name - Named user on all systems all - All users on all systems
-l	Lists the default priority level, and the priority limit explicitly assigned to users.

---

Note - If the default priority is higher than the limit for the user, the user's limit is applied instead. For example, if the default priority is 20 and the user's priority limit is 18, a print job for that user will have a priority of 20. Users can always specify a lower priority than their priority limit. For example, if the user's priority limit is 18, that user can submit a job with a priority of 25, but not one with a priority of 12. Remember, the lower the number (from 0-39), the higher the priority.

---

· How to Allow or Deny Users Access to a Printer

To allow users access to a printer: 1. On the print server, become root or lp.

2. Type lpadmin -p printer-name -u allow:user-list or all and press Return. By default, all users are allowed access to a printer. This step limits printer access to only those users listed. Separate user names with commas but no spaces. Or, you can use spaces to separate names, enclosing the word allow: and the list of users in quotation marks. You can substitute all for the user-list.

   Suppose you want to allow only the users ignatz and ziggy access to a local printer slw2 on system jupiter and a remote printer luna connected to the print server terra. You could type the following:

jupiter% su Password: jupiter# lpadmin -p slw2 -u allow:ignatz,ziggy jupiter# lpadmin -p luna -u allow:ignatz,ziggy jupiter# exit jupiter% rlogin terra terra% su Password: terra# lpadmin -p luna -u allow:ignatz,ziggy

To deny users access to a printer: 1. On both the print server and the print clients, become root or lp.

2. Type lpadmin -p printer-name -u deny:user-list or all and press Return. All users are allowed access to the printer, unless they are explicitly listed in the deny list. Separate user names with commas but no spaces. Or, you can use spaces to separate names, enclosing the word deny: and the list of users in quotation marks. You can substitute all for the user-list.

Suppose you want to deny the users ignatz and ziggy access to a local printer slw2 on system jupiter and a remote printer luna on the print server pine. You would type:

jupiter% su Password: jupiter# lpadmin -p slw2 -u deny:ignatz,ziggy jupiter# lpadmin -p luna -u deny:ignatz,ziggy jupiter# exit jupiter% rlogin terra terra% su Password: terra# lpadmin -p luna -u deny:ignatz,ziggy