Bug#483205: [Pkg-hpijs-devel] hplip: group scanner requirements.

[Till Kamppeter <till.kamppeter@gmail.com>]

I think it is not good to put users into the "lp" group so that they can 
use the hp-toolbox. Members of the "lp" group can read other user's 
print jobs.

It should be introduced a new group for user access to desktop 
peripherals. Only desktop users (not system users like "lp") should be 
member of this group so that they can scan, see ink levels, and do other 
desktop peripheral access tasks.

The admin or the distro could decide to have all desktop users in this 
group or only the one user currently logged in to the desktop.

   Till

Mark Purcell wrote:
> Till,
>
> With reference to our earlier discussion (below) we have been having further discussion about the udev rules in the pkg-hpijs mailing list.
>
> The outcome i think is that I may change the udev rule to set permissions to lp.lp and drop the whole idea of using group scanner. Also we won't set MODE as udev defaults are sane 0664.
>
> I just wanted to check that this won't cause you any issues.
>
> Mark
>
>
>
> -original message-
> Subject: Re: [Pkg-hpijs-devel] hplip: group scanner requirements.
> From: Till Kamppeter <till.kamppeter@gmail.com>
> Date: 24/06/2008 12:13
>
> Mark Purcell wrote:
> > On Sun, 22 Jun 2008, you wrote:
> > > > I was just also receiving a code=12 error message and by adding myself to
> > > > the scanner group. I am now able to access the device correctly through
> > > > hp-toolbox.
> > > Yes, this fixed the problem.
> > > code=12 was a bit obtuse for "you are not a member of the group scanner"
> > Arthur,
> >
> > Excellent, glad we have made some progress. But you are right the error 
> > message isn't sensible and the scanner group doesn't make sense for running 
> > hp-toolbox.  The reason is that the USB device ownership is set lp.scanner, 
> > this is a Debian/ Ubuntu modification.
> >
> > Till, the upstream file ./data/rules/55-hpmud.rules sets the USB device 
> > OWNER="root", GROUP="lp", whilst the debian/ubuntu version 
> > debian/55-hpmud.rules sets OWNER="lp", GROUP="scanner".
> >
> > This has the effect that everyone trying to use hplip needs to be a member of 
> > group scanner to use things such as hp-toolbox, rather than the expected lp 
> > group. How would you feel if  we reverted 55-hpmud.rules back to the upstream 
> > default of OWNER="root", GROUP="lp".
>
> Ubuntu from Hardy on sets ACLs for these files to make them always 
> read/write accessible for the user currently logged in on the desktop. 
> Adding users to a group, like "scanner", is only needed if one wants to 
> grant access to users who log in by ssh, VNC, NX, ...
>
> So for the standard configuration it does not matter whether the 
> ownerships allow access for members of the group scanner. What is always 
> important is to allow access for the "lp" user, so that CUPS can print. 
> And this is also fulfilled with OWNER="root", GROUP="lp".
>
>     Till