Hello,

On Jun 22 17:13 John Hosszu wrote (shortened):
> *HPLIP 2.7.6 - This release has the following changes.*
> 
>   1. Major version number change denotes new functionality.
> 
> No more Start-up daemons
> New Direct Device I/O (hpmud)
> Controllable Permissions

I provide for testing HPLIP 2.7.6 for the released openSUSE 10.2
and Suse Linux 10.1 and Suse Linux Enterprise 10 (SLE 10)
and for the openSUSE development version openSUSE "factory"
for 32-bit Intel compatible (i586) and 64-bit AMD (x86_64)
via the openSUSE build service at
http://software.opensuse.org/download/home:/jsmeix/

The packages are
* only for testing
* without any guarantee or warranty
* without any support 

As an extreme example, this means that if your complete computer center
crashes because of these packages, it is only your problem.

Nevertheless, I am very interested in your feedback because the more
people test it, the more problems (even hidden problems) are revealed.
To send me feedback or bug reports, please follow the instructions in
http://en.opensuse.org/Submitting_Bug_Reports
Choose the component "Printing" (also for scanning/faxing with HPLIP).
Make it obvious which package, which package version, which hardware
architecture and which openSUSE version you are talking about - e.g.:
 "Feedback regarding hplip-2.7.6-24.2.i586.rpm
  and hplip-hpijs-2.7.6-24.2.i586.rpm from
  http://software.opensuse.org/download/home:/jsmeix/ 
  for openSUSE 10.2 used on 64-bit AMD hardware."
Ideally provide the "rpm -q --changelog hplip | head" output
to make it obvious which exact package release you have.


Some special notes regarding my packages:


1. Regarding "no more start-up daemons":

hpiod is replaced by new direct device I/O (via hpmud library)
but hpssd (for device status) still exists and is started by
default as a daemon by the first user who needs it.
There is the drawback that it results in a random user who
runs hpssd (the user who needed it first since system boot).
Therefore we (i.e. Novell/Suse) still provide /etc/init.d/hplip
(and its symlink /usr/sbin/rchplip) which is used to start hpssd
as before during system boot.


2. Regarding "controllable permissions":

We (i.e. Novell/Suse) provide /etc/udev/rules.d/55-hpmud.rules
with more explicit permission settings than HP's original:
----------------------------------------------------------------
# TODO: add PROGRAM rule for 7/xx/xx printer class interface
SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end"
ACTION!="add", GOTO="hpmud_rules_end"
SYSFS{idVendor}=="03f0", OWNER="root", GROUP="lp", MODE="0660"
LABEL="hpmud_rules_end"
----------------------------------------------------------------
We additionally set owner and mode explicitly so that the
device file /dev/bus/usb/<bus-number>/<device-number>
(see the "lsusb" output for bus-number and device-number)
has the following permissions "rw-rw---- root lp"
so that the CUPS backend "hp" which runs under the user "lp"
("lp" is a member of the group "lp") can access the device.
This is sufficient for printing.

As in HP's original 55-hpmud.rules file, we set those
permissions for all HP USB devices (i.e. where the USB
vendor ID is "03f0").
The reason is that there is no complete list of USB product
IDs for those HP devices which are supported by HPLIP.

To avoid that HP USB devices which are not printers also get those
permissions, specify the USB product ID (see the "lsusb" output
for the USB IDs) for those devices which are HP USB printers
for example as follows (long lines are wrapped here at "GROUP",
in the real file all permission settings must be on one line):
----------------------------------------------------------------
# TODO: add PROGRAM rule for 7/xx/xx printer class interface
SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end"
ACTION!="add", GOTO="hpmud_rules_end"
SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root",
 GROUP="lp", MODE="0660"
SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root", 
 GROUP="lp", MODE="0660"
LABEL="hpmud_rules_end"
----------------------------------------------------------------
Here for example only a DeskJet 3320c with USB product ID "7004"
and a LaserJet 1220 with USB product ID "0417" get the
permission settings for printing.

But those permissions are not sufficient for scanning because
scanning is done as normal user (i.e. the user who runs the
scanning frontend program like scanimage, xscanimage, xsane).

To set appropriate permissions for scanning, do one of the
following:

a)
Add the normal users who should be allowed to scan
to the "lp" group.

b)
Use a different /etc/udev/rules.d/55-hpmud.rules file like
the following (long lines are wrapped here at "GROUP", in the
real file all permission settings must be on one line):
----------------------------------------------------------------
# TODO: add PROGRAM rule for 7/xx/xx printer class interface
SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end"
ACTION!="add", GOTO="hpmud_rules_end"
SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root",
 GROUP="lp", MODE="0660"
SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root",
 GROUP="lp", MODE="0666"
LABEL="hpmud_rules_end"
----------------------------------------------------------------
Now the all-in-one device LaserJet 1220 with product ID "0417"
has insecure permissions which allow all users read/write access.
R/w access is necessary for scanning but it should not be set
for all users. Any user can now send nonsense data to
the device (e.g. disturb a simultaneously running print job
or a simultaneously running scanning).
MODE="0666" is only o.k. for systems where only one person works
at the same time e.g. a personal workstation without remote login.

c)
Use "resmgr" to let it set an appropriate ACL for the USB device
file so that only the user who is logged in directly at the
computer (i.e. who is logged in via "console"/KDM/XDM) gets
read/write access for the device.
Add the device to /etc/hal/fdi/policy/10osvendor/80-scanner.fdi
for example for openSUSE 10.2 like
-----------------------------------------------------------------
<match key="info.category" string="usbraw">
<match key="@info.parent:usb_device.vendor_id" int="0x03f0">
<match key="@info.parent:usb_device.product_id" int="0x0417">
<append key="info.capabilities" type="strlist">scanner</append>
</match>
</match>
</match>
-----------------------------------------------------------------
and for the openSUSE development version openSUSE "factory" like
-----------------------------------------------------------------
<match key="info.bus" string="usb_device">
<match key="usb_device.vendor_id" int="0x03f0">
<match key="usb_device.product_id" int="0x0417">
<append key="info.capabilities" type="strlist">scanner</append>
</match>
</match>
</match>
-----------------------------------------------------------------
It should not cause problems if you have both kinds of entries
at the same time in the .../80-scanner.fdi file.
For background information about the changed format, see
https://bugzilla.novell.com/show_bug.cgi?id=250659

Here for example the all-in-one device LaserJet 1220 with product
ID "0417" gets via the udev/HAL/resmgr machinery an appropriate
ACL set for its device file like
----------------------------------------------------------------
[EMAIL PROTECTED] lsusb
...
Bus 002 Device 035: ID 03f0:0417 Hewlett-Packard
...

[EMAIL PROTECTED] ls -l /dev/bus/usb/002/035
crw-rw----+ 1 root lp ... /dev/bus/usb/002/035

[EMAIL PROTECTED] getfacl /dev/bus/usb/002/035
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/002/035
# owner: root
# group: lp
user::rw-
user:jsmeix:rw-
group::rw-
mask::rw-
other::---
----------------------------------------------------------------
Here the normal user "jsmeix" (and only this one normal user)
has read/write permissions because I am currently logged in
directly at the computer via this user. All other normal users
still don't have any permissions.


Kind Regards
Johannes Meixner
-- 
SUSE LINUX Products GmbH, Maxfeldstrasse 5, 90409 Nuernberg, Germany
AG Nuernberg, HRB 16746, GF: Markus Rex
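
A review of a 55-hpmud.rules file for the two risks the message describes (a rule that matches the whole vendor ID, and a MODE that gives all users write access), as an added example that is not part of the original message or of the SUSE/HPLIP packages. The function names audit_hpmud_rules and sample_rules are hypothetical, and the sample is constructed from the rule lines quoted in the message, unwrapped onto one line each.

```shell
#!/bin/sh
# Added example: audit a 55-hpmud.rules style file.
# Reads the file named as argument, or stdin if none is given.
# Output: one line per finding, "<line> <product-id|any> <mode> <finding>".
audit_hpmud_rules() {
    awk '
    /^[ \t]*#/ || !/MODE="[0-7]+"/ { next }   # skip comments and rules that set no mode
    {
        product = "any"                        # no idProduct match: rule is vendor-wide
        if (match($0, /idProduct[}]=="[0-9a-fA-F]+"/))
            product = substr($0, RSTART + 13, RLENGTH - 14)
        match($0, /MODE="[0-7]+"/)
        mode = substr($0, RSTART + 6, RLENGTH - 7)
        other = substr(mode, length(mode), 1) + 0   # last octal digit: bits for "other"
        if (int(other / 2) % 2 == 1)                # write bit set for all users
            print NR, product, mode, "world-writable"
        if (product == "any")                       # every device of this vendor matches
            print NR, product, mode, "vendor-wide"
    }' "$@"
}

# Constructed sample: variant b) from the message plus the vendor-wide default rule.
sample_rules() {
    cat <<'EOF'
# TODO: add PROGRAM rule for 7/xx/xx printer class interface
SUBSYSTEM!="usb_device", GOTO="hpmud_rules_end"
ACTION!="add", GOTO="hpmud_rules_end"
SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="7004", OWNER="root", GROUP="lp", MODE="0660"
SYSFS{idVendor}=="03f0", SYSFS{idProduct}=="0417", OWNER="root", GROUP="lp", MODE="0666"
SYSFS{idVendor}=="03f0", OWNER="root", GROUP="lp", MODE="0660"
LABEL="hpmud_rules_end"
EOF
}

sample_rules | audit_hpmud_rules
```

On a real system the same function can be pointed at the installed file: audit_hpmud_rules /etc/udev/rules.d/55-hpmud.rules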
