Bug#702227: Permission of the backend too strict for a backend chain (beh, jasmine)
> > Ok for 'jasmine', but 'beh' is a rather ''standard'' backend, that i
> > use extensively for some ''broken'' printers or print servers... very
> > useful if you don't want to be called on saturday morning at home...
> Is 'beh' not working correctly when used as printer backend?
?! Sorry, i've really not understood your question...
'beh' (in package foomatic-filters) it is a simple perl script that
change the behaviour of the cups queue management: some printers
(mostly USB, but also some networked one) are broken, reply to cups
backend in some strange way and cups (correctly) disable the queue (put
the printer queue in pause).
'beh' simply ignore backend error, do some retry, and then discard the
print.
It is some sort of ''last resort'' for some situation, but because
restarting a printer queue is a privileged operation, it is very handy
in a 'non-personal computing' setup.
> Quoting Till on that one:
> > access (files, network resources). Opening up the permissions so that "lp"
> > can run the backends makes the backends stop working. What alwyas works
> > would be setting the wrapper backends 750 root.root, but this can lead to
> > some non-root backends being run as root.
also 'jasmine' backend is a perl script, but to make it run i do:
cd /usr/lib/cups/backend-available
chown .lp dnssd http ipp lpd serial usb
chmod 751 dnssd http ipp lpd
chmod 554 serial usb
and all the printer, eg:
neuromante:~# grep jasmine /etc/cups/printers.conf
DeviceURI jasmine:ipp://arcdisanmarc/ipp
DeviceURI jasmine:ipp://arcoiris/ipp
DeviceURI jasmine:socket://i3pps-1:9102
DeviceURI jasmine:ipp://elladan/printer
DeviceURI jasmine:ipp://elrohir/printer
DeviceURI jasmine:socket://hp4000
DeviceURI jasmine:socket://hpljp2055-1
DeviceURI jasmine:socket://hpljp2055-2
DeviceURI jasmine:socket://hpljp3015-1
DeviceURI jasmine:ipp://kmmc4650dn/ipp
DeviceURI jasmine:socket://i3pps-1:9103
DeviceURI jasmine:socket://10.5.1.235
DeviceURI jasmine:ipp://sscx4833fd-1/printer
works like a charme. My currently permission setup is:
neuromante:~# ls -la /usr/lib/cups/backend
totale 400
drwxr-xr-x 2 root root 4096 3 mar 20.23 .
drwxr-xr-x 10 root root 4096 22 dic 2009 ..
-rwxr-xr-x 1 root root 7250 6 mar 2012 beh
-rwx------ 1 root root 22320 18 giu 2010 cups-pdf
-rwxr-x--x 2 root lp 18352 12 gen 18.11 dnssd
-rwxr-xr-x 1 root root 16968 3 dic 2011 hp
-rwxr-xr-x 1 root root 8393 3 dic 2011 hpfax
-rwxr-x--x 3 root lp 48160 12 gen 18.11 http
-rwxr-x--x 3 root lp 48160 12 gen 18.11 ipp
-rwxr-x--- 1 root lp 20395 5 nov 12.01 jasmine
-rwxr-x--x 2 root lp 44056 12 gen 18.11 lpd
-rwxr-xr-x 1 root root 4988 2 nov 19.14 mailto
-r-xr-xr-x 2 root root 30728 12 gen 18.11 parallel
lrwxrwxrwx 1 root root 21 5 feb 20.28 smb -> ../../../bin/smbspool
-r-xr-xr-x 2 root root 26544 12 gen 18.11 snmp
-r-xr-xr-x 2 root root 34824 12 gen 18.11 socket
-r-xr-xr-- 2 root lp 43016 12 gen 18.11 usb
'jasmine' cointain the password for the mysql db, so it is 750.
> So, as I would rather not try to fix something not broken for most standard
> Debian uses, and as I haven't been convinced that fixing that is an
> improvement over the current situation, I'm hereby tagging this bug as
> wontfix.
Probably i'm missing something. But i'm only trying to understand...
PS: there's some sort of doc, manual, HOWTO, REDAME... that explain
backend permission setup?
Reply to: