[sane-devel] Trust Easy connect 9600 plus howto

Henning Meier-Geinitz henning@meier-geinitz.de
Mon, 24 Jun 2002 22:25:07 +0200


On Mon, Jun 24, 2002 at 10:24:45AM +0200, Jan Keirse wrote:
> > Concerning your security concerns: ususally saned shouldn't be started
> > as root but in your case you have no choice. So it's ok provided you
> > deny access from outside and trust your local users.
> I see, but would it not be possible to chown (or chgrp) the /dev/lp0 or
> wherever the scanner is to a new group/user and run the server as this new
> group/user? (I don't know, I thought this was possible, but I'm not sure)

At least if /dev/port is used this doesn't work. You really need to be
root to access /dev/port, even if it has permission rw-rw-rw-. This
was changed in the Linux kernel some time ago.

> > Just nitpicking: with /etc/init.d/inetd restart only inetd is rstarted
> > (something like "killall -HUP inetd), saned is only started when a
> > request to port 6566 is received.
> Ow, I didn't know that, so what you're saying is that the servers in inetd
> are only started when they are needed and or not active otherwise?

Correct. Inetd listens on the ports and starts one daemon for every
connection request. The daemons don't need to know about networking at
all, they just use stdout.