hello Johannes Meixner,
many thanks for the swiftly "readymade RPMs" hplip-2.7.6
Here my hp-check (shortened):
-----------------
| USB I/O SETUP |
-----------------
Checking proper HPLIP I/O setup (USB I/O only)...
error: udev "usb_device" access mode is INCORRECT: 0644 (it must be
066x)
Checking for permissions of USB attached printers...
HP Device 0x3a11 at 003:004:
Device URI: hp:/usb/officejet_5500_series?serial=MY42QF111896
Device node: /dev/bus/usb/003/004
Mode: 0660
UID: 0 (root)
GID: 7 (lp)
Device group and mode appear correct.
I think, hp-check don't know, that the file is
"/dev/bus/usb/003/004"
alias
"/proc/bus/usb/devices/" (shortened):
T: Bus=03 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#= 4 Spd=12 MxCh= 0
D: Ver= 2.00 Cls=00(>ifc ) Sub=00 Prot=00 MxPS= 8 #Cfgs= 1
P: Vendor=03f0 ProdID=3a11 Rev= 1.00
S: Manufacturer=hp
S: Product=officejet 5500 series
S: SerialNumber=MY42QF111896
C:* #Ifs= 3 Cfg#= 1 Atr=c0 MxPwr= 2mA
arju:~ # ls -l /dev/bus/usb/003/004
crw-rw---- 1 root lp 189, 259 4. Jul 16:45 /dev/bus/usb/003/004
arju:~ #
Kind Regards
Arno
Johannes Meixner schrieb:
> Hello,
>
> On Jun 22 17:13 John Hosszu wrote (shortened):
>> *HPLIP 2.7.6 - This release has the following changes.*
>>
>> 1. Major version number change denotes new functionality.
>>
>> No more Start-up daemons
>> New Direct Device I/O (hpmud)
>> Controllable Permissions
>
> I provide for testing HPLIP 2.7.6 for the released openSUSE 10.2
> and Suse Linux 10.1 and Suse Linux Enterprise 10 (SLE 10)
> and for the openSUSE development version openSUSE "factory"
> for 32-bit Intel compatible (i586) and 64-bit AMD (x86_64)
> via the openSUSE build service at
> http://software.opensuse.org/download/home:/jsmeix/
>
> The packages are
> * only for testing
> * without any guarantee or warranty
> * without any support
>
> As an extreme example, this means that if your complete computer center
> crashes because of these packages, it is only your problem.
>
> Nevertheless, I am very interested in your feedback because the more
> people test it, the more problems (even hidden problems) are revealed.
> To send me feedback or bug reports, please follow the instructions in
> http://en.opensuse.org/Submitting_Bug_Reports
> Choose the component "Printing" (also for scanning/faxing with HPLIP).
> Make it obvious which package, which package version, which hardware
> architecture and which openSUSE version you are talking about - e.g.:
> "Feedback regarding hplip-2.7.6-24.2.i586.rpm
> and hplip-hpijs-2.7.6-24.2.i586.rpm from
> http://software.opensuse.org/download/home:/jsmeix/
> for openSUSE 10.2 used on 64-bit AMD hardware."
> Ideally provide the "rpm -q --changelog hplip | head" output
> to make it obvious which exact package release you have.
>
>
> Some special notes reagarding my packages:
>
>
> 1. Regarding "no more start-up daemons":
>
> hpiod is replaced by new direct device I/O (via hpmud library)
> but hpssd (for device status) still exists and is started by
> default as a daemon by the first user who needs it.
> There is the drawback that it results a random user which
> runs hpssd (the user who needed it first since system boot).
> Therefore we (i.e. Novell/Suse) still provide /etc/init.d/hplip
> (and its symlink /usr/sbin/rchplip) which is used to start hpssd
> as before during system boot.
>
>
> 2. Regarding "controllable permissions":
>
> We (i.e. Novell/Suse) provide /etc/udev/rules.d/55-hpmud.rules
> with more explicite permission setings than HP's original:
> ----------------------------------------------------------------
> # TODO: add PROGRAM rule for 7/xx/xx printer class interface
> SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end"
> ACTION!="add", GOTO="hpmud_rules_end"
> SYSFS{idVendor}=="03f0", OWNER="root", GROUP="lp", MODE="0660"
> LABEL="hpmud_rules_end"
> ----------------------------------------------------------------
> We explicitely set additionally owner and mode so that the
> device file /dev/bus/usb/<bus-number>/<device-number>
> (see the "lsusb" output for bus-number and device-number)
> has the following permissions "rw-rw---- root lp"
> so that the CUPS backend "hp" which runs under the user "lp"
> ("lp" is a member of the group "lp") can access the device.
> This is sufficient for printing.
>
> As in HP's original 55-hpmud.rules file, we sets those
> permissions for all HP USB devices (i.e. where the USB
> vendor ID is "03f0").
> The reason is that there is no complete list of USB product
> IDs for those HP devices which are supported by HPLIP.
>
> To avoid that HP USB devices which are no printers get also those
> permissions, specify the USB product ID (see the "lsusb" output
> for the USB IDs) for those devices which are HP USB printers
> for example as follows (long lines are wrapped here at "GROUP",
> in the real file all permission settings must be on one line):
> ----------------------------------------------------------------
> # TODO: add PROGRAM rule for 7/xx/xx printer class interface
> SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end"
> ACTION!="add", GOTO="hpmud_rules_end"
> SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root",
> GROUP="lp", MODE="0660"
> SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root",
> GROUP="lp", MODE="0660"
> LABEL="hpmud_rules_end"
> ----------------------------------------------------------------
> Here for example only a DeskJet 3320c with USB product ID "7004"
> and a LaserJet 1220 with USB product ID "0417" get the
> permission settings for printing.
>
> But those permissions are not sufficient for scanning because
> scanning is done as normal user (i.e. the user who runs the
> scanning frontend program like scanimage, xscanimage, xsane).
>
> To set appropriate permissions for scanning, do one of the
> following:
>
> a)
> Add the normal users who should be allowed to scan
> to the "lp" group.
>
> b)
> Use a different /etc/udev/rules.d/55-hpmud.rules file like
> the following (long lines are wrapped here at "GROUP", in the
> real file all permission settings must be on one line):
> ----------------------------------------------------------------
> # TODO: add PROGRAM rule for 7/xx/xx printer class interface
> SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end"
> ACTION!="add", GOTO="hpmud_rules_end"
> SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root",
> GROUP="lp", MODE="0660"
> SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root",
> GROUP="lp", MODE="0666"
> LABEL="hpmud_rules_end"
> ----------------------------------------------------------------
> Now the all-in-one device LaserJet 1220 with product ID "0417"
> has insecure permissions which allow all users read/write access.
> R/w access is necessary for scanning but it should not be set
> for for all users. Any user can now send nonsense data to
> the device (e.g. disturb a simlutaneously running print job
> or a simlutaneously running scanning).
> MODE="0666" is only o.k. for system where only one person works
> at the same time e.g. a personal workstation without remote login.
>
> c)
> Use "resmgr" to let it set an appropriate ACL for the USB device
> file so that only the user who is logged in directly at the
> computer (i.e. who is logged in via "console"/KDM/XDM) gets
> read/write access for the device.
> Add the device to /etc/hal/fdi/policy/10osvendor/80-scanner.fdi
> for example for openSUSE 10.2 like
> -----------------------------------------------------------------
> <match key="info.category" string="usbraw">
> <match key="@info.parent:usb_device.vendor_id" int="0x03f0">
> <match key="@info.parent:usb_device.product_id" int="0x0417">
> <append key="info.capabilities" type="strlist">scanner</append>
> </match>
> </match>
> </match>
> -----------------------------------------------------------------
> and for the openSUSE development version openSUSE "factory" like
> -----------------------------------------------------------------
> <match key="info.bus" string="usb_device">
> <match key="usb_device.vendor_id" int="0x03f0">
> <match key="usb_device.product_id" int="0x0417">
> <append key="info.capabilities" type="strlist">scanner</append>
> </match>
> </match>
> </match>
> -----------------------------------------------------------------
> It should not cause problems if you have both kind of entries
> at the same time in the .../80-scanner.fdi file.
> For background information about the changed format, see
> https://bugzilla.novell.com/show_bug.cgi?id=250659
>
> Here for example the all-in-one device LaserJet 1220 with product
> ID "0417" gets via the udev/HAL/resmgr machinery an appropriate
> ACL set for its decice file like
> ----------------------------------------------------------------
> [EMAIL PROTECTED] lsusb
> ...
> Bus 002 Device 035: ID 03f0:0417 Hewlett-Packard
> ...
>
> [EMAIL PROTECTED] ls -l /dev/bus/usb/002/035
> crw-rw----+ 1 root lp ... /dev/bus/usb/002/035
>
> [EMAIL PROTECTED] getfacl /dev/bus/usb/002/035
> getfacl: Removing leading '/' from absolute path names
> # file: dev/bus/usb/002/035
> # owner: root
> # group: lp
> user::rw-
> user:jsmeix:rw-
> group::rw-
> mask::rw-
> other::---
> ----------------------------------------------------------------
> Here the normal user "jsmeix" (and only this one normal user)
> has read/write permissions because I am currently logged in
> directly at the computer via this user. All other normal users
> still don't have any permissions.
>
>
> Kind Regards
> Johannes Meixner
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
HPLIP-Help mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/hplip-help
