sorry, I have forgotten: My PC = SuSE 10.2, hplip-2.7.6 Arno
Arno Jung schrieb: > hello Johannes Meixner, > many thanks for the swiftly "readymade RPMs" hplip-2.7.6 > > > > Here my hp-check (shortened): > > ----------------- > | USB I/O SETUP | > ----------------- > > Checking proper HPLIP I/O setup (USB I/O only)... > error: udev "usb_device" access mode is INCORRECT: 0644 (it must be > 066x) > > Checking for permissions of USB attached printers... > HP Device 0x3a11 at 003:004: > Device URI: hp:/usb/officejet_5500_series?serial=MY42QF111896 > Device node: /dev/bus/usb/003/004 > Mode: 0660 > UID: 0 (root) > GID: 7 (lp) > Device group and mode appear correct. > > > I think, hp-check don't know, that the file is > "/dev/bus/usb/003/004" > alias > "/proc/bus/usb/devices/" (shortened): > > T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 4 Spd=12 MxCh= 0 > D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs= 1 > P: Vendor=03f0 ProdID=3a11 Rev= 1.00 > S: Manufacturer=hp > S: Product=officejet 5500 series > S: SerialNumber=MY42QF111896 > C:* #Ifs= 3 Cfg#= 1 Atr=c0 MxPwr= 2mA > > > > arju:~ # ls -l /dev/bus/usb/003/004 > crw-rw---- 1 root lp 189, 259 4. Jul 16:45 /dev/bus/usb/003/004 > arju:~ # > > > Kind Regards > Arno > > > > > > > > > Johannes Meixner schrieb: >> Hello, >> >> On Jun 22 17:13 John Hosszu wrote (shortened): >>> *HPLIP 2.7.6 - This release has the following changes.* >>> >>> 1. Major version number change denotes new functionality. >>> >>> No more Start-up daemons >>> New Direct Device I/O (hpmud) >>> Controllable Permissions >> >> I provide for testing HPLIP 2.7.6 for the released openSUSE 10.2 >> and Suse Linux 10.1 and Suse Linux Enterprise 10 (SLE 10) >> and for the openSUSE development version openSUSE "factory" >> for 32-bit Intel compatible (i586) and 64-bit AMD (x86_64) >> via the openSUSE build service at >> http://software.opensuse.org/download/home:/jsmeix/ >> >> The packages are >> * only for testing >> * without any guarantee or warranty >> * without any support >> >> As an extreme example, this means that if your complete computer center >> crashes because of these packages, it is only your problem. >> >> Nevertheless, I am very interested in your feedback because the more >> people test it, the more problems (even hidden problems) are revealed. >> To send me feedback or bug reports, please follow the instructions in >> http://en.opensuse.org/Submitting_Bug_Reports >> Choose the component "Printing" (also for scanning/faxing with HPLIP). >> Make it obvious which package, which package version, which hardware >> architecture and which openSUSE version you are talking about - e.g.: >> "Feedback regarding hplip-2.7.6-24.2.i586.rpm >> and hplip-hpijs-2.7.6-24.2.i586.rpm from >> http://software.opensuse.org/download/home:/jsmeix/ >> for openSUSE 10.2 used on 64-bit AMD hardware." >> Ideally provide the "rpm -q --changelog hplip | head" output >> to make it obvious which exact package release you have. >> >> >> Some special notes reagarding my packages: >> >> >> 1. Regarding "no more start-up daemons": >> >> hpiod is replaced by new direct device I/O (via hpmud library) >> but hpssd (for device status) still exists and is started by >> default as a daemon by the first user who needs it. >> There is the drawback that it results a random user which >> runs hpssd (the user who needed it first since system boot). >> Therefore we (i.e. Novell/Suse) still provide /etc/init.d/hplip >> (and its symlink /usr/sbin/rchplip) which is used to start hpssd >> as before during system boot. >> >> >> 2. Regarding "controllable permissions": >> >> We (i.e. Novell/Suse) provide /etc/udev/rules.d/55-hpmud.rules >> with more explicite permission setings than HP's original: >> ---------------------------------------------------------------- >> # TODO: add PROGRAM rule for 7/xx/xx printer class interface >> SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end" >> ACTION!="add", GOTO="hpmud_rules_end" >> SYSFS{idVendor}=="03f0", OWNER="root", GROUP="lp", MODE="0660" >> LABEL="hpmud_rules_end" >> ---------------------------------------------------------------- >> We explicitely set additionally owner and mode so that the >> device file /dev/bus/usb/<bus-number>/<device-number> >> (see the "lsusb" output for bus-number and device-number) >> has the following permissions "rw-rw---- root lp" >> so that the CUPS backend "hp" which runs under the user "lp" >> ("lp" is a member of the group "lp") can access the device. >> This is sufficient for printing. >> >> As in HP's original 55-hpmud.rules file, we sets those >> permissions for all HP USB devices (i.e. where the USB >> vendor ID is "03f0"). >> The reason is that there is no complete list of USB product >> IDs for those HP devices which are supported by HPLIP. >> >> To avoid that HP USB devices which are no printers get also those >> permissions, specify the USB product ID (see the "lsusb" output >> for the USB IDs) for those devices which are HP USB printers >> for example as follows (long lines are wrapped here at "GROUP", >> in the real file all permission settings must be on one line): >> ---------------------------------------------------------------- >> # TODO: add PROGRAM rule for 7/xx/xx printer class interface >> SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end" >> ACTION!="add", GOTO="hpmud_rules_end" >> SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root", >> GROUP="lp", MODE="0660" >> SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root", >> GROUP="lp", MODE="0660" >> LABEL="hpmud_rules_end" >> ---------------------------------------------------------------- >> Here for example only a DeskJet 3320c with USB product ID "7004" >> and a LaserJet 1220 with USB product ID "0417" get the >> permission settings for printing. >> >> But those permissions are not sufficient for scanning because >> scanning is done as normal user (i.e. the user who runs the >> scanning frontend program like scanimage, xscanimage, xsane). >> >> To set appropriate permissions for scanning, do one of the >> following: >> >> a) >> Add the normal users who should be allowed to scan >> to the "lp" group. >> >> b) >> Use a different /etc/udev/rules.d/55-hpmud.rules file like >> the following (long lines are wrapped here at "GROUP", in the >> real file all permission settings must be on one line): >> ---------------------------------------------------------------- >> # TODO: add PROGRAM rule for 7/xx/xx printer class interface >> SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end" >> ACTION!="add", GOTO="hpmud_rules_end" >> SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root", >> GROUP="lp", MODE="0660" >> SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root", >> GROUP="lp", MODE="0666" >> LABEL="hpmud_rules_end" >> ---------------------------------------------------------------- >> Now the all-in-one device LaserJet 1220 with product ID "0417" >> has insecure permissions which allow all users read/write access. >> R/w access is necessary for scanning but it should not be set >> for for all users. Any user can now send nonsense data to >> the device (e.g. disturb a simlutaneously running print job >> or a simlutaneously running scanning). >> MODE="0666" is only o.k. for system where only one person works >> at the same time e.g. a personal workstation without remote login. >> >> c) >> Use "resmgr" to let it set an appropriate ACL for the USB device >> file so that only the user who is logged in directly at the >> computer (i.e. who is logged in via "console"/KDM/XDM) gets >> read/write access for the device. >> Add the device to /etc/hal/fdi/policy/10osvendor/80-scanner.fdi >> for example for openSUSE 10.2 like >> ----------------------------------------------------------------- >> <match key="info.category" string="usbraw"> >> <match key="@info.parent:usb_device.vendor_id" int="0x03f0"> >> <match key="@info.parent:usb_device.product_id" int="0x0417"> >> <append key="info.capabilities" type="strlist">scanner</append> >> </match> >> </match> >> </match> >> ----------------------------------------------------------------- >> and for the openSUSE development version openSUSE "factory" like >> ----------------------------------------------------------------- >> <match key="info.bus" string="usb_device"> >> <match key="usb_device.vendor_id" int="0x03f0"> >> <match key="usb_device.product_id" int="0x0417"> >> <append key="info.capabilities" type="strlist">scanner</append> >> </match> >> </match> >> </match> >> ----------------------------------------------------------------- >> It should not cause problems if you have both kind of entries >> at the same time in the .../80-scanner.fdi file. >> For background information about the changed format, see >> https://bugzilla.novell.com/show_bug.cgi?id=250659 >> >> Here for example the all-in-one device LaserJet 1220 with product >> ID "0417" gets via the udev/HAL/resmgr machinery an appropriate >> ACL set for its decice file like >> ---------------------------------------------------------------- >> [EMAIL PROTECTED] lsusb >> ... >> Bus 002 Device 035: ID 03f0:0417 Hewlett-Packard >> ... >> >> [EMAIL PROTECTED] ls -l /dev/bus/usb/002/035 >> crw-rw----+ 1 root lp ... /dev/bus/usb/002/035 >> >> [EMAIL PROTECTED] getfacl /dev/bus/usb/002/035 >> getfacl: Removing leading '/' from absolute path names >> # file: dev/bus/usb/002/035 >> # owner: root >> # group: lp >> user::rw- >> user:jsmeix:rw- >> group::rw- >> mask::rw- >> other::--- >> ---------------------------------------------------------------- >> Here the normal user "jsmeix" (and only this one normal user) >> has read/write permissions because I am currently logged in >> directly at the computer via this user. All other normal users >> still don't have any permissions. >> >> >> Kind Regards >> Johannes Meixner > > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > _______________________________________________ > HPLIP-Help mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/hplip-help > ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ HPLIP-Help mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/hplip-help
