sane config files [was [sane-devel] Infrared channel]]

m. allan noah anoah@pfeiffer.edu
Fri, 25 Feb 2005 09:52:34 -0500 (EST) 

On Fri, 25 Feb 2005, Johannes Meixner wrote:

>
> Hello,
>
> On Feb 25 09:16 m. allan noah wrote (shortened):
>> the problem with this is that doing the config as non-root would mean the
>> backend would need elevated permissions in order to write its config out into
>> /etc/...
>>
>> if the user is willing to run the front-end the first time as root, and then
>> the backend saves the config changes, that might be ok. otherwise the user
>> will have to re-config under each user account.
>
> Perhaps there was a misunderstanding.
> I do not want that any user can do config stuff via the normal
> SANE frontend - I want to avoid that this happens.
> It is perfectly o.k. when config stuff requires root privileges
> by default.
>
> Perhaps it is simplest to let root define who is allowed to do
> config stuff by setting the appropriate permissions for the
> backend config file.

i think we want to hide the config file concept from the user if possible, 
rather than require someone to change the perms.

i personally am very much in favor of per-scanner config files anyway, 
rather than per-backend, because if you do manage to solve the root 
permissions issue, then you have an all-or-nothing situation. any user 
that can change the backend config can change it for all scanners that use 
that backend.

>
> What happens when the backend runs as root (e.g. to access parallel
> port scanners as normal user via a local running saned)?
> Then a normal user would get write permission for the config file.
>

i would prefer that sane developed a way to send strong electrical shocks 
via the parallel port and put such pitiful hardware out of its misery :)

but, since we cant do that, does it make sense (somehow) for the 'closest' 
backend to be the one that saves the config? then the net backend, which 
is presumably running as the local user, will not be able to write the 
config, or if it does, just writes the config in his homedir?

i guess this is a bad idea cause it means that multiple network users of 
the same scanner will have to config separately.

what about the way pine works? there are two config files, pine.conf 
(which sets system defaults like from domain and mail servers) and 
pine.conf.fixed, that are unmodifiable by user configs. both of these 
files are just like a normal user's .pinerc

what if sane provided these config options for every user, and stored them 
in .sane/ in their homedir. then the root user (or another tool suid) 
copied one of these completed configs into /etc, and made it the system 
default? i am not sure what happens in that case to any users that have 
set their own configs, i guess the /etc configs are just the defaults?

allan

>
> Kind Regards
> Johannes Meixner
>

-- 
"so don't tell us it can't be done, putting down what you don't know.
money isn't our god, integrity will free our souls" - Max Cavalera