On Sat, Oct 20, 2018 at 09:36:57PM +0300, Oleg Pykhalov wrote: > Hello Guix, > > I've spotted a bug in CUPS service “Can't create temporary file”. If I > gave ‘765’ permissions to ‘/var/spool/cups/tmp/’ directory then an error > is “stopped "Filter failed"”. ‘777’ for /var/spool/cups/tmp/ is > required to print a test page via CUPS WEB interface. > > > I read gnu/services/cups.scm and found that the /var/spool/cups/ > directory should be owned by ‘lp’ user: > --8<---------------cut here---------------start------------->8--- > (define %cups-activation > ;; Activation gexp. > (with-imported-modules '((guix build utils)) > #~(begin > (use-modules (guix build utils)) > (define (mkdir-p/perms directory owner perms) > (mkdir-p directory) > (chown "/var/run/cups" (passwd:uid owner) (passwd:gid owner)) > ;; ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ > (chmod directory perms)) > ;; … > (let ((user (getpwnam "lp"))) > ;; … > (mkdir-p/perms "/var/spool/cups/tmp" user #o755) ; <---------- > ;; … > )))) > --8<---------------cut here---------------end--------------->8--- > > > Maybe we should make /var/spool/cups/tmp directory owned by ‘lp’ user, > too? WDYT? currently /var/spool/cups is root:lp, my first thought is to change it to lp:lpadmin (not sure where I got lpadmin from) and make it 775. > > Test page was printed successfully with: > --8<---------------cut here---------------start------------->8--- > $ sudo ls -ld /var/spool/cups/tmp > drwxr-xr-x 2 lp lp 4096 Oct 20 21:20 /var/spool/cups/tmp > --8<---------------cut here---------------end--------------->8--- > > > From cups-files.conf(5) man page: > > TempDir directory > Specifies the directory where short-term temporary files are > stored. The default is "/var/spool/cups/tmp". > > User username > Specifies the user name or ID that is used when running external > programs. The default is "lp". > > > Oleg. -- Efraim Flashner אפרים פלשנר GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351 Confidentiality cannot be guaranteed on emails sent or received unencrypted