diff options
author | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2010-08-06 14:52:09 +0000 |
---|---|---|
committer | Eelco Dolstra <eelco.dolstra@logicblox.com> | 2010-08-06 14:52:09 +0000 |
commit | ea49707f85a880493b453a331d67259ad30cf3b4 (patch) | |
tree | f3b74a1063aff349e036a2179a4cc0137f6cf059 /modules | |
parent | 6c8c1f935ab503d4af2a4072a76de895925e3169 (diff) | |
download | nixlib-ea49707f85a880493b453a331d67259ad30cf3b4.tar nixlib-ea49707f85a880493b453a331d67259ad30cf3b4.tar.gz nixlib-ea49707f85a880493b453a331d67259ad30cf3b4.tar.bz2 nixlib-ea49707f85a880493b453a331d67259ad30cf3b4.tar.lz nixlib-ea49707f85a880493b453a331d67259ad30cf3b4.tar.xz nixlib-ea49707f85a880493b453a331d67259ad30cf3b4.tar.zst nixlib-ea49707f85a880493b453a331d67259ad30cf3b4.zip |
* Run CUPS' external programs in the "lp" group so that they can
access printer devices in /dev. Also use a "cups" user instead of "nobody". svn path=/nixos/trunk/; revision=23003
Diffstat (limited to 'modules')
-rw-r--r-- | modules/misc/ids.nix | 3 | ||||
-rw-r--r-- | modules/services/printing/cupsd.nix | 20 |
2 files changed, 19 insertions, 4 deletions
diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix index 8d516946868a..11f41aa08276 100644 --- a/modules/misc/ids.nix +++ b/modules/misc/ids.nix @@ -54,7 +54,8 @@ in privoxy = 32; osgi = 34; sabnzbd = 33; - tor = 35; + tor = 35; + cups = 36; # When adding a uid, make sure it doesn't match an existing gid. nixbld = 30000; # start of range of uids diff --git a/modules/services/printing/cupsd.nix b/modules/services/printing/cupsd.nix index 0ac52fe10387..8599512a5f59 100644 --- a/modules/services/printing/cupsd.nix +++ b/modules/services/printing/cupsd.nix @@ -102,11 +102,18 @@ in config = mkIf config.services.printing.enable { - environment.systemPackages = [cups]; + users.extraUsers = singleton + { name = "cups"; + uid = config.ids.uids.cups; + group = "lp"; + description = "CUPS printing services"; + }; + + environment.systemPackages = [ cups ]; - services.dbus.packages = [cups]; + services.dbus.packages = [ cups ]; - # cups uses libusb to talk to printers, and does not use the + # Cups uses libusb to talk to printers, and does not use the # linux kernel driver. If the driver is not in a black list, it # gets loaded, and then cups cannot access the printers. boot.blacklistedKernelModules = [ "usblp" ]; @@ -167,6 +174,13 @@ in TempDir ${cfg.tempDir} + # User and group used to run external programs, including + # those that actually send the job to the printer. Note that + # Udev sets the group of printer devices to `lp', so we want + # these programs to run as `lp' as well. + User cups + Group lp + Browsing On BrowseOrder allow,deny BrowseAllow @LOCAL |