[sane-devel] [solved] Re: Saned and root privileges ????
ToddAndMargo
ToddAndMargo at zoho.com
Sat Mar 10 21:01:28 UTC 2018
On 03/10/2018 12:44 PM, ToddAndMargo wrote:
> On 03/10/2018 12:23 PM, ToddAndMargo wrote:
>> On 03/10/2018 09:22 AM, Andrew Goodbody wrote:
>>>
>>>
>>> On 10/03/18 11:17, ToddAndMargo wrote:
>>>> On 03/10/2018 03:06 AM, Andrew Goodbody wrote:
>>>>> On 10/03/18 04:59, ToddAndMargo wrote:
>>>>>> On 03/09/2018 12:53 PM, ToddAndMargo wrote:
>>>>>>> Hi All,
>>>>>>>
>>>>>>> Okay, now this is "scary".
>>>>>>>
>>>>>>> Both xsane and Simple Scan work locally.
>>>>>>>
>>>>>>> I can not get saned to work, UNLESS, I edit /etc/group
>>>>>>> and add the following to root
>>>>>>>
>>>>>>> root:x:0:saned
>>>>>>>
>>>>>>> Without it, I get
>>>>>>>
>>>>>>> $ xsane net:localhost:epkowa:interpreter:001:007
>>>>>>> Access to resource has been denied
>>>>>>>
>>>>>>> Now what am I doing wrong? Must saned have root privileges?
>>>>>>>
>>>>>>> Many thanks,
>>>>>>> -T
>>>>>>
>>>>>> I just caught this:
>>>>>>
>>>>>> $ ps -eo pid,user,group,args --sort user | grep cups
>>>>>> 5005 root root /usr/sbin/cupsd -l
>>>>>>
>>>>>> CUPS "is" running as root. So is it okay to add
>>>>>> saned to root's group?
>>>>>
>>>>> No, of course not, that's a huge security hole. Just because cups
>>>>> does it is no indication that saned should.
>>>>>
>>>>> The problem could well be that the user saned does not have access
>>>>> to your scanner. So check that saned is a member of whichever group
>>>>> can access your scanner device. This may be 'scanner'.
>>>>>
>>>>> Andrew
>>>>
>>>> find /dev -iname \*scanner\*
>>>> <nothing>
>>>
>>> Please keep this on the list.
>>>
>>> What do the commands
>>>
>>> lsusb -s 001:007
>>>
>>> and
>>>
>>> ls -l /dev/bus/usb/001/007
>>>
>>> return?
>>>
>>> Andrew
>>
>> $ scanimage -L
>> device `epkowa:interpreter:001:007' is a Epson Perfection V300 flatbed
>> scanner
>>
>> $ lsusb -s 001:007
>> Bus 001 Device 007: ID 04b8:0131 Seiko Epson Corp. GT-F720
>> [GT-S620/Perfection V30/V300 Photo]
>>
>> $ ls -l /dev/bus/usb/001/007
>> crw-rw-r--+ 1 root root 189, 6 Mar 10 12:03 /dev/bus/usb/001/007
>>
>> $ ls -l /usr/lib/udev/rules.d | grep -i sane
>> -rw-r--r--. 1 root root 3934 Mar 9 12:21 65-sane-backends.rules
>>
>> The following temporarily fixes the issue (saned removed from
>> root and a test to verify `xsane net:localhost` crashes before
>> throwing the following):
>>
>> # chown saned.saned ls -l /dev/bus/usb/001/007
>>
>> But the scanner does not always mount on 001:007.
>> Power it off and back on and it mounts on 001:008, etc.
>>
>>
>> Does this lead us to a fix?
>>
>> Many thanks,
>> -T
>
> Now it has decided to give the list precedence!
>
> Over on
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1091566#c8
>
> 2. Permissions must be given to the saned user to access scanners.
> I don't have any scanners to test, but the following should work:
>
> # /usr/lib/udev/rules.d/70-saned.rules
> ACTION=="add", ENV{libsane_matched}=="yes", GROUP="saned",
> MODE="0660"
>
>
> Is this something I should add to
> /usr/lib/udev/rules.d/65-sane-backends.rules
> ?
And that worked.
# rpm -qf /usr/lib/udev/rules.d/65-sane-backends.rules
sane-backends-1.0.27-12.fc27.x86_64
Ah Ha!
I just opened
https://bugzilla.redhat.com/show_bug.cgi?id=1554032
to fix this.
I have been trouybleshooting this since November
<Editorial comment> AAAAAAHHHHHHHHHHHHHHHHHHHHH!!!!! </editorial comment>
Thank you all for all your help and patience with this!!!!!
-T
More information about the sane-devel
mailing list