Can't access spool folder
Helge Blischke
h.blischke at acm.org
Tue Jun 29 10:20:06 PDT 2010
Daniel Stoeck wrote:
>> Daniel Stoeck wrote:
>>
>> > Hi there,
>> >
>> > I am using Helge Blischke's prtofile backend and when I try to print I
>> > get an error message like this: "/private/var/spool/cups/c00061: No
>> > such file or directory"
>> >
>> > /private/var/spool/cups has 710 permissions and belongs to root:_lp
>> > /private/var/spool/cups/c00061 has 600 permissions and belongs to
>> > root:_lp (61 is the jobid)
>> >
>> > Obviously the printer cannot spool into its spool directory. But how
>> > can I avoid this permission issue?
>> >
>> > The backend has 700 permissions to make it run as root.
>> > The Device_URI is "prtofile:///Volumes/MacHD/output/ps/"
>> > The given PPD is the common Adobe Distiller PPD
>> >
>> > Why does the printer not have permission to write into its spool
>> > folder? Can I just change the permissions of the spool folder to
>> > anything else to fix this?
>> >
>> > Greetings from Germany,
>> > Daniel
>>
>> Hi Daniel,
>>
>> I suppose on Snow Leopard, CUPS and/or components of it are running in a
>> sandbox.
>> Search your system for things like cupsd.sb or xxx.sb (xxx the name of
>> one of the standard backends of CUPS) and use that as a template for a
>> sandbox profile for prtofile. The current version needs read access to
>> the CUPS spool directory to get the value of the job-originating-hostname
>> attribute.
>>
>> If you are not sure what to do, you could mail the sb files of interest
>> for me to look into.
>>
>> Helge
>>
>
> Hi Helge,
>
> I found /usr/share/sandbox/ as the default folder for sandbox profiles on
> my Snow Leopard Server. There are several *.sb files in this folder, but I
> cannot identify one that belongs to cups. (to duplicate it for the custom
> backend).
>
> A list of all *.sb profiles I found:
>
> bsd.sb
> mDNSResponder.sb
> quicklookd-job-creation.sb
> xgridagentd_task_nobody.sb
> cvmsCompAgent.sb
> mds.sb
> quicklookd.sb
> xgridagentd_task_somebody.sb
> cvmsServer.sb
> mdworker.sb
> serialnumberd.sb
> xgridcontrollerd.sb
> fontmover.sb
> named.sb
> sshd.sb
> kadmind.sb
> ntpd.sb
> syslogd.sb
> krb5kdc.sb
> portmap.sb
> xgridagentd.sb
>
> Do I just need read access to the parent directory of my spool folder?
> Nothing else?
>
> Daniel
Well, I downloaded the sources of 1.4.x (1.4.4 in fact) and found (thanks to
a post of Michael Sweet somewhere else) that the scheduler itself generates
a fairly restrictive sandbox profile for every filter/backend subprocess it
forks.
This profile permits reading the data file in the spool directory but not
the control file.
So there are three alternatives to settle down that issue:
(1) Adding the commandline option "-P" in
/System/Library/LaunchDaemons/org.cups.cupsd.plist
(which disables sandboxing completely but is not recommended)
(2) Recompiling CUPS freom the sources after modifying the file
scheduler/process.c
accordingly (be sure to configure the compilation process as to
compile both architectures (i386 and ppc) and replace only the cupsd
executable (all other stuff unchanged).
(3) Wait a couple of days for an updated version of my backend that no
longer reads the control file but links to libcups.dylib (via the Perl
inline package, which needs to be installed separately).
As for the target directories, I'd recommend to write to a directory tree
under "/private/", which seems to be permitted, and either move the data to
the final destination by a postprocessing command or by setting symbolic
links appropriately.
Let me know which of these solution you prefer (for me to be able to adjust
my time schedule accordingly).
Helge
More information about the cups
mailing list