FreeBSD 8 and HPLIP

Marcin Wisnicki mwisnicki+freebsd at gmail.com
Tue Apr 13 01:35:05 UTC 2010 

On Tue, 13 Apr 2010 01:24:16 +0200, Julian Wissmann wrote:

> Hi,
> I have FreeBSD 8-p2 with CUPS1.4.2 and HPLIP 3.9.8 running. My problem
> is that I can't get hplip running for normal users. It detects my
> printer (HP OJ-Pro 7480) when I run hp-check as root. But it won't work
> for my regular user account. I've read another thread about it on the
> list and tried what was supplied there but it doesn't work for me.
> Basically what happens is that the hp gui tool shows a configuration
> error and CUPS's hp-backend shows this:
> ➜ ~ /usr/local/libexec/cups/backend/hp direct hp "Unknown" "HP Printer
> (HPLIP)" While it probably should show:
> ➜ ~ sudo /usr/local/libexec/cups/backend/hp direct
> hp:/usb/Officejet_Pro_L7400?serial=MY82S1519Z "HP Officejet Pro L7400"
> "HP Officejet Pro L7400 USB MY82S1519Z HPLIP" "MFG:HP;MDL:Officejet Pro
> L7400;CLS:PRINTER;DES:Officejet Pro L7400;SN:MY82S1519Z;"
> 
> This is from my devfs.rules:
> [system=10]
> add path 'usb*' mode 0660
            ^^^
This is your problem. You are denying access to /dev/usb directory for 'others',
as evidenced few paragraphs below where you can't ls /dev/usb. Default mode is 555.
Just remove this rule.

> add path 'usb/3.2*' mode 0660 group cups add path 'ugen3.2*' mode 0660 group cups
> 
> This is from my rc.conf:
> cupsd_enable="YES"
> hpiod_enable="YES"
> hpssd_enable="YES"
> 

There is no hpiod anymore. Also hpssd shouldn't have a start script as it is not designed
to work as system daemon - you should see some warnings/errors that it cannot start.
It is safe to remove both. Just cups_enable=yes is fine.

My complete working setup for Deskjet Ink Advantage K209a is below:

> rc.conf:
cups_enable="YES"

> /etc/devd/hplip.conf
# HP All-in-one device
attach 100 {
        match "vendor"  "0x03f0";
        match "product" "0x..11";
        action "chown cups:cups /dev/usb/`echo $device-name | tr -d ugen`.*; \
                chmod 660 /dev/usb/`echo $device-name | tr -d ugen`.*";


End of example.

Where $device-name might have a value like "ugen3.2".
This is better approach than devfs.rules where you need to hardcode
device names that can easily change. Just adjust product id.
You can get them with `usbconfig -d ugen3.2 dump_device_desc | grep id`
Format of this file is documented in devd.conf(5).

In my case it results in this:
dr-xr-xr-x 2 root wheel 512 Apr  3 18:26:31 2010 /dev/usb
crw-r--r-- 1 root operator 0,61 Apr  3 18:26:24 2010 /dev/usbctl
crw-rw---- 1 cups cups 0,161 Apr  3 18:26:31 2010 /dev/usb/3.5.0
crw-rw---- 1 cups cups 0,163 Apr  3 18:26:31 2010 /dev/usb/3.5.1
crw-rw---- 1 cups cups 0,164 Apr  3 18:26:31 2010 /dev/usb/3.5.2
crw-rw---- 1 cups cups 0,165 Apr  3 18:26:31 2010 /dev/usb/3.5.6
crw-rw---- 1 cups cups 0,166 Apr  3 18:26:31 2010 /dev/usb/3.5.7
crw-rw---- 1 cups cups 0,167 Apr  3 18:26:31 2010 /dev/usb/3.5.8
crw-rw---- 1 cups cups 0,168 Apr  3 18:26:31 2010 /dev/usb/3.5.9

Only access to usb/3.5.* is needed.

BTW group does not matter to cupsd since it does not run with it's primary group :(
Group access is handy if your device also has a scanner.
Then local scanning will be possible if your user can access devices,
by membership in this group.

I should probably create 'scanner' group and use group:scanner,
then add every user to scanner group instead of adding them to
cups to get scanner access.

Also for network scanning:
# cat /etc/inetd.conf | grep sane
# TODO use saned:scanner instead of cups:cups
sane-port       stream  tcp     nowait  cups:cups       /usr/local/sbin/saned   saned

Then set authorization and/or authentication in /usr/local/etc/sane.d/saned.conf

> Relevant stuff from /dev:
> ➜ ~ ls -la /dev/ugen*
> lrw-rw-rw- 1 root operator 9 13 Apr 00:32 /dev/ugen3.1 -> usb/3.1.0
> lrw-rw-rw- 1 cups operator 9 13 Apr 00:32 /dev/ugen3.2 -> usb/3.2.0
> 
> /dev/usb:
> ls: .: Permission denied
> ls: ..: Permission denied
> ls: 3.1.0: Permission denied
> ls: 3.1.1: Permission denied
> ls: 3.2.0: Permission denied
> ls: 3.2.1: Permission denied
> ls: 3.2.10: Permission denied
> ls: 3.2.11: Permission denied
> ...
> 
> ➜ ~ sudo ls -la /dev/usb*
> Password:
> crw-rw-rw- 1 root operator 0, 73 13 Apr 00:32 /dev/usbctl
> 
> /dev/usb:
> total 2
> drw-rw-rw- 2 root operator 512 13 Apr 00:32 . 
> dr-xr-xr-x 7 root wheel 512 13 Apr 00:32 .. 
> crw-rw-rw- 1 root operator 0, 82 13 Apr 00:32 3.1.0
> crw-rw-rw- 1 root operator 0, 95 13 Apr 00:32 3.1.1
> crw-rw-rw- 1 cups operator 0, 116 13 Apr 00:32 3.2.0
> crw-rw-rw- 1 cups operator 0, 121 13 Apr 00:32 3.2.1
> crw-rw-rw- 1 cups operator 0, 126 13 Apr 00:32 3.2.10
> crw-rw-rw- 1 cups operator 0, 127 13 Apr 00:32 3.2.11
> crw-rw-rw- 1 cups operator 0, 122 13 Apr 00:32 3.2.2
> crw-rw-rw- 1 cups operator 0, 123 13 Apr 00:32 3.2.3
> crw-rw-rw- 1 cups operator 0, 124 13 Apr 00:32 3.2.7
> crw-rw-rw- 1 cups operator 0, 125 13 Apr 00:32 3.2.8 ...
> 
> ➜ ~ dmesg | grep ugen
> ugen0.1: <Intel> at usbus0
> ugen1.1: <Intel> at usbus1
> ugen2.1: <Intel> at usbus2
> ugen3.1: <Intel> at usbus3
> ugen4.1: <Intel> at usbus4
> ugen5.1: <Intel> at usbus5
> ugen6.1: <Intel> at usbus6
> ugen7.1: <Intel> at usbus7
> ugen7.2: <vendor 0x03f0> at usbus7
> ugen3.2: <HP> at usbus3
> ugen7.3: <Apple Inc.> at usbus7
> ugen2.2: <Logitech> at usbus2
> ugen7.4: <Apple Inc.> at usbus7
> 
> What am I missing here? I've been messing around with this for quite a
> while now and I don't see whats wrong here.
> 
> Regards,
> Julian Wissmann

More information about the freebsd-usb mailing list