I'm using a Phytec PCM-052 development kit with Timesys embedded Linux 3.0.13 and I'm trying to get CUPS 1.5.3 working. I've come pretty far. I can print postscript on our network printer, and I can manually pipe files through the filter chain to get a .pclx file that I can print on a USB printer. However, when I use the same filter chain from within the cupsd daemon, the filters exit with the satus "permission denied":
PID 799 (rastertopclx) stopped with status 113 (Permission denied)
How to reproduce:
- build the Timesys toolchain with cups, ghostscript, libusb and kernel usb printing support enabled
- the build stops with errors because of multiply defined symbols. Comment out "typedef signed long long int64_t"; in /ghostscript-9.05/base/stdint_.h and "struct timeval" { in /ghostscript-9.05/base/time_.h to fix the build !
- install the bootloader, kernel and rootfs on an SD card and start the PCM-052
- plug a USB printer into USB0
# echo hello > bla.txt
# cat bla.txt > /dev/usb/lp0
- the printer prints "hello", now let's use CUPS
# lpadmin -p printer_name -E -v parallel:/dev/usb/lp0
- usb:/dev/usb/lp0 URI doesn't work, I don't know why it works with parallel
# export LPDEST=printer_name
# chmod 0700 /usr/lib/cups/backend/parallel
- the backends come with 755 permissions after a fresh install, this doesn't work for some reason. Lowering the permissions to 0700 fixes it
# lpr bla.txt
- the printer prints "hello", now let's use the cups filters to print postscript
# lpadmin -x printer_name
# lpadmin -p printer_name -E -v parallel:/dev/usb/lp0 -P /usr/share/cups/model/pxlmono.ppd
- a standard PPD file that comes with the installation, for our printer we have a PPD provided by the manufacturer
# vi /etc/cups/cupsd.conf
- set LogLevel to debug2
# reboot
# export LPDEST=printer_name
# lpr bla.txt
- nothing is printed
# cat /var/log/cups/error_log | tail -n 200
- somewhere in the output you'll find the error messages from the filters: PID 799 (rastertopclx) stopped with status 113 (Permission denied), the same for the other filters in the chain.
If I manually call the filter chain and convert bla.txt to bla.ps to bla.raster to bla.pclx, I can "lpr bla.pclx" to print a "hello" in the font defined by the PPD file. The filters work fine, but not from within cupsd.
From what I've learned from the CUPS documentation (Filter and Backend Programming - CUPS.org ) the filters run as user "lp". I first thought they try to open some files, like the PPD or cupsd.conf, and don't have the permissions to do so. But replacing the filters with an executable that simply returns 0 gives the same error message in /var/log/cups/error_log. I've tried changing permissions of all CUPS related files and directories to 700, 755, 555, but I got the same result. Changing permissions to 0777 produces an "inscure filter permissions" error in /var/log/cups/error_log. I've also tried changing user and group of all CUPS related files and directories to "lp", same result.
Does anybody have CUPS from the Timesys distribution running?
Solved! Go to Solution.
I have got it working now. The problem was that all files in /lib had 0700 permissions. Looks like CUPS depends on some of these libraries and couldn't use them when it forked to a non-root user. After changing all files in /lib to 0755 CUPS works as expected. Thanks for all the support!
I have got it working now. The problem was that all files in /lib had 0700 permissions. Looks like CUPS depends on some of these libraries and couldn't use them when it forked to a non-root user. After changing all files in /lib to 0755 CUPS works as expected. Thanks for all the support!
Hello Gregory,
I've CUPS printing system that works, but there's many problems to solve.
- to build ghostscript you have to apply ghostscript-9.05-enable-systime.patch
- don't forget to check "Install cups to Toolchain" in menuconfig
- compile CUPS before ghostscript
- add "--with-docdir=/usr/share/cups/doc-root" to cups config options to have full CUPS web page administration.
- in my case, to solve USB printer permissions problems, I replaced mdev by udev with a printer rule (ATTR{bDeviceClass}=="00", MODE:="666", GROUP:="root"), then lpinfo -v gives :
direct usb://HP/LaserJet%20P2015%20Series?serial=xxxxxxx
- to solve some usb back-end problems, apply a set of patch found in ubuntu 12.04LTS.
- add "--with-docdir=/usr/share/cups/doc-root" to cups config options to have full CUPS web page administration.
- add your user to lp group if you want to use administration web page
it should work.
Now I can print with high quality on many USB or network printers from my Qt application.
Emmanuel
Hello Emmanual
Thanks for the reply. I'm glad to hear you got it working. Your other post (How to setup basic USB printing system with LPD / Qt on Vybrid ) helped me get printing to work at all. I thought you had given up on CUPS and sticked with lpd. What board are you using, and which kernel version and CUPS version?
I have installed udev and added the rule from your post. At first it didn't change anything, but when I "chmod 0700 /usr/lib/backend/usb", lpinfo -v gave me:
direct usb://GeBE/USB%20Printer%20N78
I installed the printer with this URI without a PPD file, and I was able to print text. But when I installed it with my PPD, I got the same permission denied errors from the filters.
Then I applied the Ubuntu patches, but same result. I still need to chmod 0700 the USB backend, and the filters throw the same permission denied errors.
I've also tried it with a network printer. I need to chmod 0700 the socket backend. It prints postscript when installed without a PPD, but with a PPD the filters throw permission denied.
I've seen forum posts of Desktop Linux users with the same problem. In their case AppArmor caused the problem. I've checked the kernel config, but AppArmor is not installed. Is there another security feature in the Timesys Linux that might cause this problem?
Emmanuel, what does your /etc/cups/cupsd.conf look like?
Best regards
Michael
Hello Michael,
usb back-end permission looks like this :
stat /usr/lib/cups/backend/usb
File: '/usr/lib/cups/backend/usb' Size: 26700 Blocks: 56 IO Block: 4096 regular file Device: dh/13d Inode: 6554 Links: 1 Access: (0755/-rwxr-xr-x) Uid: ( 0/ root) Gid: ( 0/ root)
and the same for other back-ends.
Maybe your problem depends on how you installed the root file system, in my case the RFS is in NAND flash on UBI file system
Have a look to your timeSys factory build to see if permissions are Ok, if not try to clean and rebuild your RFS.
In my cupd.conf, I only enable remote configuration with web page.
Regards,
Emmanuel
You're right, there's something wrong with the permissions in my rfs. No user but root can execute any program:
# su test
su: can't execute '/bin/sh': Permission denied
How can I check the rfs permissions in the Timesys factory?
I can make CUPS run on my system by commenting out line 519 in scheduler/process.c:
if (!RunUser && user && setuid(user)) |
But that's not the way to go. I need to fix the rfs permissions.
Hello,
We would ask that you please open a ticket (if you have haven't already) in our support queue for this issue, as it's mostly Timesys Factory related. If we can review your build, and reproduce the issues, we can assist there.
By default, a Timesys Factory installs a rootfs owned by root, and unless configured otherwise at build time, only provides a root user.
Please login to LinuxLink here: http://linuxlink.timesys.com and click the "Support" link to submit a new request.
Thank you,
Timesys Support
timesyssupport can you help here?
Hello Emmanuel,
Thanks again for your answer. I have etx2 on an SD card, rootfs is rw. I just reinstalled the factory, rebuilt everything from scratch, copied bootloader, kernel and rootfs to the SD card, same error. Trying ubifs was on my TODO list anyway, so I just flashed rootfs.ubi and booted it. It's exactly the same as when I boot from the SD card (0700 backend required, permission denied from filters). Our cupsd.conf are identical except for your changes to enable the web interface.
One more interesting thing: When I chmod 0755 the backend, it throws the same error as the filters:
PID 912 (/usr/lib/cups/backend/parallel) stopped with status 113 (Permission denied)
Just setting the filters to 0700 doesn't help. Maybe there's another file with 0755 permission that cups tries to open. I wonder how it is possible at all that I can get rid of a "permission denied" error by lowering file permissions.