[sane-devel] Umask and xsane

Richard Ryniker ryniker at alum.mit.edu
Tue Aug 27 14:21:52 BST 2019

Consider a system that supports multiple users.  When access to a
resource, such as a scanner, should be limited to only some users, the
classic solution is to create a "scanner" group and define users who
should have scanner access as members of that group.

When a user changes to the scanner group in order to access the scanner,
it would be a security fault if his images can be seen by other users in
the scanner group.  Therefore, when using the scanner, umask should be
set by default to preclude access by other group members to new image
files.  If group access is desired, the user should explicitly arrange
that - by change to the umask value during scanning, or to file
attributes after scanning.

SELinux provides more sophisticated access control, but is more work to
maintain and therefore is less used when its capabilities are not required.

The majority of Linux systems are single-user, or close to that, and
scanner access control is not relevant, but this is no excuse to
avoid security considerations.

More information about the sane-devel mailing list