FS#42723 - [cups] Some printers are not detected.
Attached to Project:
Arch Linux
Opened by Olivier (olive) - Sunday, 09 November 2014, 10:25 GMT
Last edited by Andreas Radke (AndyRTR) - Saturday, 18 April 2015, 07:44 GMT
Opened by Olivier (olive) - Sunday, 09 November 2014, 10:25 GMT
Last edited by Andreas Radke (AndyRTR) - Saturday, 18 April 2015, 07:44 GMT
|
Details
Description:
I have encountered a problem when some printer are not detected (Pixma MP270 using the gutenprint driver). After having investagated, the problem, it appears to be a permission problem. The problem can be solved by chmoding /usr/lib/cups/backend/usb: chmod 0700 /usr/lib/cups/backend/usb This force cups to execute the usb backend as root, which solves all problems. Very strangely this problem is not completely reproducible and seems to appear only with some printers. I have encountered the problem since the usb start using libusb instead of usblp. Because I only have usb printers I cannot really tell what happens with other printers (parallel/serial). But I see that cups does not propose serial/parallel unless the corresponding backends are chmoded 0700. Additional info: * package version(s) 2.0.0-2 and 1.7.x * config and/or log files etc. Steps to reproduce: |
This task depends upon
Closed by Andreas Radke (AndyRTR)
Saturday, 18 April 2015, 07:44 GMT
Reason for closing: No response
Saturday, 18 April 2015, 07:44 GMT
Reason for closing: No response
FS#40937is your problem.Here is how I understand the situation. In the default archlinux config cupsd is run as root (and I think it is OK). But cupsd run its backends as another user (I think it is nobody or lp) unless the backend has no group or other permission. So if the usb backend is to be run as root it must have 0700 or 0500 permission. This is explained here: http://www.cups.org/documentation.php/man-backend.html (in the permission section) and also here: http://www.cups.org/documentation.php/api-filter.html#PERMISSIONS . What I say for the usb backend is of course valid for other backends too. Now it is well possible that it would be better, for security reason to not run the usb backend as root. But then, we would have to allow it to access some resource it is not currently allowed to access, but I do not know which ones precisely.
# Default user and group for filters/backends/helper programs; this cannot be
# any user or group that resolves to ID 0 for security reasons...
#User daemon
#Group lp
Your solution to access the backend as root is highly insecure and so is no solution. You seem to have broken your setup in a different way.