[sane-devel] well, I'm a retrurning user of sane... got some questions.

technomage technomage-hawke@cox.net
Fri, 23 May 2003 14:18:07 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

well, I got it solved.
right now, its under user/group nobody (this is inside a lan and the port that 
is uses is protected at the firewall machine, so no one outside the lan can 
use it).

finally got it working last night. the user existed, but the group did not. 
use of the groupadd --system-account command worked wonders at solving this.

in any case, thanks for the help.

as a suggestion, the mailing list needs to be reconfigured to have a reply-to 
field added. when I hit reply, its generally to the users, not the list.

thanks..

Mage

On Friday 23 May 2003 06:42 am, Brian K. White wrote:
>
> the whole point of inetd (and later xinetd) is that the services
> themselves do not run all the time, only the one service, inetd (or
> xinetd) runs, listening on all the ports of all the services that have
> been configured in it. When something tries to open a port it recognizes,
> it starts up the appropriate service to service that one request and then
> the service goes away again.
>
> what tcp port does saned work on?
> is that port listed in /etc/services?
> .. I just looked at man saned and see it's port 6566, so,
> does /etc/services have a line like this?
>
> sane 6566/tcp
>
> run netstat -a |less
> The top of this output shows all the ports that your box is listening on,
> and all the ports that currently have active connections.
> Is the saned port listed in there as "... *.* ... LISTEN"
>
> did you try running "saned -d" manually? this runs it in a manner where
> saned itself does stay running, listening on the saned tcp port and debug
> info will show on the session where you ran it until you ctrl-c in that
> session. This will probably fail if saned is in fact correctly configured
> in xinetd because xinetd is already "occupying" the saned port and no
> other program can listen on that port until xinetd gives it up. you can
> turn off xinetd, or temporarily disable the saned config and restart
> xinetd. Then try saned -d (then try to connect)
>
> what are the contents of saned.conf?
> are the names/ip's listed in there really how your box resolves the
> various machines that try to connect?
> try putting a single "+" on a line by itself in saned.conf, since (you
> didn't say but I will presume) this is a linux box and probably you are
> running tcpd to block unsafe hosts from touching your box anyway.
> (/etc/hosts.allow /etc/hosts.deny)
>
> did you copy the sample xinetd file from the saned man page verbatim? If
> so, is there any such user and group as "saned" or did you change those to
> show names that exist on your box?

- -- 
I will not be pushed, filed, stamped, indexed, briefed, debriefed, or 
numbered!
My life is my own - No. 6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQE+zpAPn/usgigAaLcRAhQzAJ0aS/9PKJ/LvaXpMl7iv6oeMRrI7wCeK+Mv
SEHJXvbsuB4/cUQ87TeZvvM=
=FM/k
-----END PGP SIGNATURE-----