[sane-devel] Saned and root privileges ????
ToddAndMargo
ToddAndMargo at zoho.com
Sat Mar 10 20:44:22 UTC 2018
On 03/10/2018 12:23 PM, ToddAndMargo wrote:
> On 03/10/2018 09:22 AM, Andrew Goodbody wrote:
>>
>>
>> On 10/03/18 11:17, ToddAndMargo wrote:
>>> On 03/10/2018 03:06 AM, Andrew Goodbody wrote:
>>>> On 10/03/18 04:59, ToddAndMargo wrote:
>>>>> On 03/09/2018 12:53 PM, ToddAndMargo wrote:
>>>>>> Hi All,
>>>>>>
>>>>>> Okay, now this is "scary".
>>>>>>
>>>>>> Both xsane and Simple Scan work locally.
>>>>>>
>>>>>> I can not get saned to work, UNLESS, I edit /etc/group
>>>>>> and add the following to root
>>>>>>
>>>>>> root:x:0:saned
>>>>>>
>>>>>> Without it, I get
>>>>>>
>>>>>> $ xsane net:localhost:epkowa:interpreter:001:007
>>>>>> Access to resource has been denied
>>>>>>
>>>>>> Now what am I doing wrong? Must saned have root privileges?
>>>>>>
>>>>>> Many thanks,
>>>>>> -T
>>>>>
>>>>> I just caught this:
>>>>>
>>>>> $ ps -eo pid,user,group,args --sort user | grep cups
>>>>> 5005 root root /usr/sbin/cupsd -l
>>>>>
>>>>> CUPS "is" running as root. So is it okay to add
>>>>> saned to root's group?
>>>>
>>>> No, of course not, that's a huge security hole. Just because cups
>>>> does it is no indication that saned should.
>>>>
>>>> The problem could well be that the user saned does not have access
>>>> to your scanner. So check that saned is a member of whichever group
>>>> can access your scanner device. This may be 'scanner'.
>>>>
>>>> Andrew
>>>
>>> find /dev -iname \*scanner\*
>>> <nothing>
>>
>> Please keep this on the list.
>>
>> What do the commands
>>
>> lsusb -s 001:007
>>
>> and
>>
>> ls -l /dev/bus/usb/001/007
>>
>> return?
>>
>> Andrew
>
> $ scanimage -L
> device `epkowa:interpreter:001:007' is a Epson Perfection V300 flatbed
> scanner
>
> $ lsusb -s 001:007
> Bus 001 Device 007: ID 04b8:0131 Seiko Epson Corp. GT-F720
> [GT-S620/Perfection V30/V300 Photo]
>
> $ ls -l /dev/bus/usb/001/007
> crw-rw-r--+ 1 root root 189, 6 Mar 10 12:03 /dev/bus/usb/001/007
>
> $ ls -l /usr/lib/udev/rules.d | grep -i sane
> -rw-r--r--. 1 root root 3934 Mar 9 12:21 65-sane-backends.rules
>
> The following temporarily fixes the issue (saned removed from
> root and a test to verify `xsane net:localhost` crashes before
> throwing the following):
>
> # chown saned.saned ls -l /dev/bus/usb/001/007
>
> But the scanner does not always mount on 001:007.
> Power it off and back on and it mounts on 001:008, etc.
>
>
> Does this lead us to a fix?
>
> Many thanks,
> -T
Now it has decided to give the list precedence!
Over on
https://bugzilla.redhat.com/show_bug.cgi?id=1091566#c8
2. Permissions must be given to the saned user to access scanners.
I don't have any scanners to test, but the following should work:
# /usr/lib/udev/rules.d/70-saned.rules
ACTION=="add", ENV{libsane_matched}=="yes", GROUP="saned",
MODE="0660"
Is this something I should add to
/usr/lib/udev/rules.d/65-sane-backends.rules
?
More information about the sane-devel
mailing list