Hello, On Aug 1 20:45 Joe Morris (NTM) wrote (shortened): > hp-check is a good troubleshooting tool, but it > seems to favor adding all users to the lp group. Using resmgr seems to > me to be a more secure option. Is it possible to patch hp-check to look > for perhaps actual permissions on SUSE instead of warning to add all the > users to group lp (which does also work), or look for the code in > 80-scanner.fdi. Also, another possible patch is hp-check complains > wrongly about usb_device permissions (it must be looking in > 50-udev-default.rules). The 55-hpmud.rules work very well. Perhaps it > should look there instead.
hp-check should not inspect any config file to find out the actual permissions of a device file. To find out the actual permissions of whatever file, exactly this file must be inspected. Anything else is only a blind guess. There is nothing Novell/Suse specific here. It is Novell/Suse specific how we set the actual permissions of a device file but the actual permissions itself are perfectly in compliance to the "rest of the world". What might be a bit unexpected is that we use ACLs. When there is a ACL, a simple "ls -l file" is insufficient to find out the actual permissions of the file, see the following example: ------------------------------------------------------------------- jsmeix$ lsusb ... Bus 002 Device 050: ID 03f0:7004 Hewlett-Packard DeskJet 3320c Bus 002 Device 047: ID 03f0:0417 Hewlett-Packard LaserJet 1220 jsmeix$ ls -l /dev/bus/usb/*/* ... crw-rw----+ 1 root lp 189, 174 Aug 3 10:37 /dev/bus/usb/002/047 crw-rw---- 1 root lp 189, 177 Aug 3 10:37 /dev/bus/usb/002/050 jsmeix$ getfacl /dev/bus/usb/002/047 getfacl: Removing leading '/' from absolute path names # file: dev/bus/usb/002/047 # owner: root # group: lp user::rw- user:jsmeix:rw- group::rw- mask::rw- other::--- jsmeix$ echo -n "" >/dev/bus/usb/002/047 && echo OK || echo failed OK jsmeix$ echo -n "" >/dev/bus/usb/002/050 && echo OK || echo failed bash: /dev/bus/usb/002/050: Permission denied failed root# chmod g=r /dev/bus/usb/002/047 jsmeix$ ls -l /dev/bus/usb/002/047 crw-r-----+ 1 root lp 189, 174 2007-08-03 10:37 /dev/bus/usb/002/047 jsmeix$ getfacl /dev/bus/usb/002/047 getfacl: Removing leading '/' from absolute path names # file: dev/bus/usb/002/047 # owner: root # group: lp user::rw- user:jsmeix:rw- #effective:r-- group::rw- #effective:r-- mask::r-- other::--- jsmeix$ echo -n "" >/dev/bus/usb/002/047 && echo OK || echo failed bash: /dev/bus/usb/002/047: Permission denied failed ------------------------------------------------------------------- Carefully note the perhaps unexpected side-effect of the traditional "chmod g=r" on the permissions via ACL. The reason is that the traditional permissions for the group become a special meaning (ACL_MASK) if there is an ACL, see "man acl": ------------------------------------------------------------------- The permissions defined for the file group correspond to the permissions of the ACL_GROUP_OBJ entry, if the ACL has no ACL_MASK entry. If the ACL has an ACL_MASK entry, then the permissions defined for the file group correspond to the permissions of the ACL_MASK entry. ------------------------------------------------------------------- Perhaps it is sufficient and easier to try in hp-check only to open the device file for read and for write as the user who currently runs hp-check than implementing any complicated permission testing algorithm? Kind Regards Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany AG Nuernberg, HRB 16746, GF: Markus Rex ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ HPLIP-Help mailing list HPLIP-Help@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hplip-help
