[Nix-commits] SVN commit: nix - r23003 - in nixos/trunk/modules: misc services/printing

Fri, 06 Aug 2010 07:52:21 -0700 

Author: eelco
Date: Fri Aug  6 14:52:09 2010
New Revision: 23003
URL: https://svn.nixos.org/websvn/nix/?rev=23003&sc=1

Log:
* Run CUPS' external programs in the "lp" group so that they can
  access printer devices in /dev.  Also use a "cups" user instead of
  "nobody".

Modified:
   nixos/trunk/modules/misc/ids.nix
   nixos/trunk/modules/services/printing/cupsd.nix

Modified: nixos/trunk/modules/misc/ids.nix
==============================================================================
--- nixos/trunk/modules/misc/ids.nix    Fri Aug  6 12:59:16 2010        (r23002)
+++ nixos/trunk/modules/misc/ids.nix    Fri Aug  6 14:52:09 2010        (r23003)
@@ -54,7 +54,8 @@
     privoxy = 32;    
     osgi = 34;
     sabnzbd = 33;
-    tor = 35;    
+    tor = 35;
+    cups = 36;
     # When adding a uid, make sure it doesn't match an existing gid.
 
     nixbld = 30000; # start of range of uids

Modified: nixos/trunk/modules/services/printing/cupsd.nix
==============================================================================
--- nixos/trunk/modules/services/printing/cupsd.nix     Fri Aug  6 12:59:16 
2010        (r23002)
+++ nixos/trunk/modules/services/printing/cupsd.nix     Fri Aug  6 14:52:09 
2010        (r23003)
@@ -102,11 +102,18 @@
 
   config = mkIf config.services.printing.enable {
 
-    environment.systemPackages = [cups];
+    users.extraUsers = singleton
+      { name = "cups";
+        uid = config.ids.uids.cups;
+        group = "lp";
+        description = "CUPS printing services";
+      };
+
+    environment.systemPackages = [ cups ];
 
-    services.dbus.packages = [cups];
+    services.dbus.packages = [ cups ];
 
-    # cups uses libusb to talk to printers, and does not use the
+    # Cups uses libusb to talk to printers, and does not use the
     # linux kernel driver. If the driver is not in a black list, it
     # gets loaded, and then cups cannot access the printers.
     boot.blacklistedKernelModules = [ "usblp" ];
@@ -167,6 +174,13 @@
 
         TempDir ${cfg.tempDir}
 
+        # User and group used to run external programs, including
+        # those that actually send the job to the printer.  Note that
+        # Udev sets the group of printer devices to `lp', so we want
+        # these programs to run as `lp' as well.
+        User cups
+        Group lp
+
         Browsing On
         BrowseOrder allow,deny
         BrowseAllow @LOCAL
_______________________________________________
nix-commits mailing list
[email protected]
http://mail.cs.uu.nl/mailman/listinfo/nix-commits

Reply via email to