Bugzilla – Attachment 152555 Details for
Bug 184798
Full HPLIP support in YaST printer module
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
IDP Log In
|
Forgot Password
My mail on <hplip-help@lists.sourceforge.net>
foo (text/plain), 8.17 KB, created by
Johannes Meixner
on 2007-07-24 05:46:08 UTC
(
hide
)
Description:
My mail on <hplip-help@lists.sourceforge.net>
Filename:
MIME Type:
Creator:
Johannes Meixner
Created:
2007-07-24 05:46:08 UTC
Size:
8.17 KB
patch
obsolete
>From jsmeix@suse.de Wed Jul 4 10:18:08 2007 >Date: Wed, 4 Jul 2007 10:18:08 +0200 (CEST) >From: Johannes Meixner <jsmeix@suse.de> >To: <hplip-help@lists.sourceforge.net> >Subject: Re: [Hplip-help] HP Linux Imaging and Printing System (HPLIP) 2.7.6 Release > > >Hello, > >On Jun 22 17:13 John Hosszu wrote (shortened): >> *HPLIP 2.7.6 - This release has the following changes.* >> >> 1. Major version number change denotes new functionality. >> >> No more Start-up daemons >> New Direct Device I/O (hpmud) >> Controllable Permissions > >I provide for testing HPLIP 2.7.6 for the released openSUSE 10.2 >and Suse Linux 10.1 and Suse Linux Enterprise 10 (SLE 10) >and for the openSUSE development version openSUSE "factory" >for 32-bit Intel compatible (i586) and 64-bit AMD (x86_64) >via the openSUSE build service at >http://software.opensuse.org/download/home:/jsmeix/ > >The packages are >* only for testing >* without any guarantee or warranty >* without any support > >As an extreme example, this means that if your complete computer center >crashes because of these packages, it is only your problem. > >Nevertheless, I am very interested in your feedback because the more >people test it, the more problems (even hidden problems) are revealed. >To send me feedback or bug reports, please follow the instructions in >http://en.opensuse.org/Submitting_Bug_Reports >Choose the component "Printing" (also for scanning/faxing with HPLIP). >Make it obvious which package, which package version, which hardware >architecture and which openSUSE version you are talking about - e.g.: > "Feedback regarding hplip-2.7.6-24.2.i586.rpm > and hplip-hpijs-2.7.6-24.2.i586.rpm from > http://software.opensuse.org/download/home:/jsmeix/ > for openSUSE 10.2 used on 64-bit AMD hardware." >Ideally provide the "rpm -q --changelog hplip | head" output >to make it obvious which exact package release you have. > > >Some special notes reagarding my packages: > > >1. Regarding "no more start-up daemons": > >hpiod is replaced by new direct device I/O (via hpmud library) >but hpssd (for device status) still exists and is started by >default as a daemon by the first user who needs it. >There is the drawback that it results a random user which >runs hpssd (the user who needed it first since system boot). >Therefore we (i.e. Novell/Suse) still provide /etc/init.d/hplip >(and its symlink /usr/sbin/rchplip) which is used to start hpssd >as before during system boot. > > >2. Regarding "controllable permissions": > >We (i.e. Novell/Suse) provide /etc/udev/rules.d/55-hpmud.rules >with more explicite permission setings than HP's original: >---------------------------------------------------------------- ># TODO: add PROGRAM rule for 7/xx/xx printer class interface >SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end" >ACTION!="add", GOTO="hpmud_rules_end" >SYSFS{idVendor}=="03f0", OWNER="root", GROUP="lp", MODE="0660" >LABEL="hpmud_rules_end" >---------------------------------------------------------------- >We explicitely set additionally owner and mode so that the >device file /dev/bus/usb/<bus-number>/<device-number> >(see the "lsusb" output for bus-number and device-number) >has the following permissions "rw-rw---- root lp" >so that the CUPS backend "hp" which runs under the user "lp" >("lp" is a member of the group "lp") can access the device. >This is sufficient for printing. > >As in HP's original 55-hpmud.rules file, we sets those >permissions for all HP USB devices (i.e. where the USB >vendor ID is "03f0"). >The reason is that there is no complete list of USB product >IDs for those HP devices which are supported by HPLIP. > >To avoid that HP USB devices which are no printers get also those >permissions, specify the USB product ID (see the "lsusb" output >for the USB IDs) for those devices which are HP USB printers >for example as follows (long lines are wrapped here at "GROUP", >in the real file all permission settings must be on one line): >---------------------------------------------------------------- ># TODO: add PROGRAM rule for 7/xx/xx printer class interface >SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end" >ACTION!="add", GOTO="hpmud_rules_end" >SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root", > GROUP="lp", MODE="0660" >SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root", > GROUP="lp", MODE="0660" >LABEL="hpmud_rules_end" >---------------------------------------------------------------- >Here for example only a DeskJet 3320c with USB product ID "7004" >and a LaserJet 1220 with USB product ID "0417" get the >permission settings for printing. > >But those permissions are not sufficient for scanning because >scanning is done as normal user (i.e. the user who runs the >scanning frontend program like scanimage, xscanimage, xsane). > >To set appropriate permissions for scanning, do one of the >following: > >a) >Add the normal users who should be allowed to scan >to the "lp" group. > >b) >Use a different /etc/udev/rules.d/55-hpmud.rules file like >the following (long lines are wrapped here at "GROUP", in the >real file all permission settings must be on one line): >---------------------------------------------------------------- ># TODO: add PROGRAM rule for 7/xx/xx printer class interface >SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end" >ACTION!="add", GOTO="hpmud_rules_end" >SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root", > GROUP="lp", MODE="0660" >SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root", > GROUP="lp", MODE="0666" >LABEL="hpmud_rules_end" >---------------------------------------------------------------- >Now the all-in-one device LaserJet 1220 with product ID "0417" >has insecure permissions which allow all users read/write access. >R/w access is necessary for scanning but it should not be set >for for all users. Any user can now send nonsense data to >the device (e.g. disturb a simlutaneously running print job >or a simlutaneously running scanning). >MODE="0666" is only o.k. for system where only one person works >at the same time e.g. a personal workstation without remote login. > >c) >Use "resmgr" to let it set an appropriate ACL for the USB device >file so that only the user who is logged in directly at the >computer (i.e. who is logged in via "console"/KDM/XDM) gets >read/write access for the device. >Add the device to /etc/hal/fdi/policy/10osvendor/80-scanner.fdi >for example for openSUSE 10.2 like >----------------------------------------------------------------- ><match key="info.category" string="usbraw"> ><match key="@info.parent:usb_device.vendor_id" int="0x03f0"> ><match key="@info.parent:usb_device.product_id" int="0x0417"> ><append key="info.capabilities" type="strlist">scanner</append> ></match> ></match> ></match> >----------------------------------------------------------------- >and for the openSUSE development version openSUSE "factory" like >----------------------------------------------------------------- ><match key="info.bus" string="usb_device"> ><match key="usb_device.vendor_id" int="0x03f0"> ><match key="usb_device.product_id" int="0x0417"> ><append key="info.capabilities" type="strlist">scanner</append> ></match> ></match> ></match> >----------------------------------------------------------------- >It should not cause problems if you have both kind of entries >at the same time in the .../80-scanner.fdi file. >For background information about the changed format, see >https://bugzilla.novell.com/show_bug.cgi?id=250659 > >Here for example the all-in-one device LaserJet 1220 with product >ID "0417" gets via the udev/HAL/resmgr machinery an appropriate >ACL set for its decice file like >---------------------------------------------------------------- >user@host$ lsusb >... >Bus 002 Device 035: ID 03f0:0417 Hewlett-Packard >... > >user@host$ ls -l /dev/bus/usb/002/035 >crw-rw----+ 1 root lp ... /dev/bus/usb/002/035 > >user@host$ getfacl /dev/bus/usb/002/035 >getfacl: Removing leading '/' from absolute path names ># file: dev/bus/usb/002/035 ># owner: root ># group: lp >user::rw- >user:jsmeix:rw- >group::rw- >mask::rw- >other::--- >---------------------------------------------------------------- >Here the normal user "jsmeix" (and only this one normal user) >has read/write permissions because I am currently logged in >directly at the computer via this user. All other normal users >still don't have any permissions. > > >Kind Regards >Johannes Meixner >-- >SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany >AG Nuernberg, HRB 16746, GF: Markus Rex >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=152555">View the attachment on a separate page</a>.</b>
Actions:
View
Attachments on
bug 184798
:
89297
| 152555