On 17/09/2014 09:21, Hans Petter Selasky wrote:> On 09/17/14 08:00, Andriy Gapon wrote:
>>
>> Soliciting help.
>>
>> -------- Forwarded Message --------
>>
>>> From my experience I think that cupsd executes backend tools with
all uids and
>> gids set to cups and no supplementary groups. In the case of USB
printers the
>> backends need to access /dev/usbctl and /dev/usb/foobar that
corresponds to a
>> printer. That means that the access to those devices must be somehow
granted to
>> cups:cups.
>> How do people solve this? What kind of permissions / configuration do
you use?
>>
>> P.S.
>> Maybe I over-generalized the issue to all USB printers. My personal
experience
>> is with an HP printer handled by hplip / hplip-plugin.
>>
>
> Hi,
>
> The /usr/ports/print/cups-base should be updated.
>
> The pkg-message should not say that:
>
>
> # FreeBSD 8.x
> add path 'usb*' mode 0770 group cups
> add path 'ugen*' mode 0660 group cups
>
> add path 'usb/0.2.*' mode 0660 group cups
>
> Is needed. This is wrong.
>
> Instead make cups-base install the attached devd configuration file in
> /usr/local/etc/devd/ which does the needed chown for printers only.
The problem is that my printer does not work if I also do not change permissions
on /dev/usbctl. But I do not really want /dev/usbctl to be owned by cups as
there can be other services / users that need access to usbctl.
Is there anything smarter than mucking with device ownership?
In other words, I have no problem granting cups user or group a full access to
all USB devices. I have a problem with changing owner or group of USB devices
to cups, because that interferes with other accesses to those devices.
--
Andriy Gapon