[sane-devel] xinetd fails to start saned

Terry Spearman tnspearman at twc.com
Tue Feb 12 17:55:54 GMT 2019 

[tnspearman at server ~]$ cut -d: -f1 /etc/passwd /etc/group | grep saned
saned
saned

Looks like I have both a saned user and saned group on my system.

Doing some searching, it seems errno = 13 has more to do with the
permissions of the user than the permissions of the file being executed, so
I rebooted the server and logged on as root, but got the same result.

I have previously had issues caused by SELinux, so I tried temporarily
disabling it:

[tnspearman at server ~]$ sudo setenforce 0

I then restarted xinetd:

[tnspearman at server ~]$ sudo systemctl restart xinetd

Then checked its status:

[tnspearman at server ~]$ sudo systemctl status  xinetd
● xinetd.service - Xinetd A Powerful Replacement For Inetd
   Loaded: loaded (/usr/lib/systemd/system/xinetd.service; enabled; vendor
preset: enabled)
   Active: active (running) since Tue 2019-02-12 12:46:03 EST; 8min ago
  Process: 7647 ExecStart=/usr/sbin/xinetd -stayalive -pidfile
/var/run/xinetd.pid $EXTRAOPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 7648 (xinetd)
   CGroup: /system.slice/xinetd.service
           └─7648 /usr/sbin/xinetd -stayalive -pidfile /var/run/xinetd.pid

Feb 12 12:46:03 server xinetd[7648]: removing daytime
Feb 12 12:46:03 server xinetd[7648]: removing discard
Feb 12 12:46:03 server xinetd[7648]: removing discard
Feb 12 12:46:03 server xinetd[7648]: removing echo
Feb 12 12:46:03 server xinetd[7648]: removing echo
Feb 12 12:46:03 server xinetd[7648]: removing tcpmux
Feb 12 12:46:03 server xinetd[7648]: removing time
Feb 12 12:46:03 server xinetd[7648]: removing time
Feb 12 12:46:03 server xinetd[7648]: xinetd Version 2.3.15 started with
libwrap loadavg labeled-networking options compiled in.
Feb 12 12:46:03 server xinetd[7648]: Started working: 1 available service

So it appears to be an issue with SELinux.  I'd prefer not to permanently
disable it, so my problem now is to figure out how to get xinetd to start
saned with SELinux enabled.

-----Original Message-----
From: Olaf Meeuwissen [mailto:paddy-hack at member.fsf.org]
Sent: Tuesday, February 12, 2019 6:04 AM
To: Terry Spearman
Cc: sane-devel at alioth-lists.debian.net
Subject: Re: [sane-devel] xinetd fails to start saned

Hi Terry,

Terry Spearman writes:

> I can scan on the network if I run saned on the server  first.  After the
> scan, saned bails out, and I have to run saned on the server again if I
want
> to do a second scan.  My understanding is that xinetd is supposed to load
> saned and keep it running in the background listening for scanner
requests.
> Following the recommendations in
> http://www.sane-project.org/man/saned.8.html,
>
> I have added the following to /etc/xinetd.conf:
>
> # default = off
> # description: The sane server accepts requests
> # for network access to a local scanner via the network
>
> service sane-port
> {
>         port        = 6566
>         socket_type = stream
>         wait        = no
>         user        = saned
>         group       = saned
>         server      = /usr/sbin/saned
> }

You do have a saned user and group on your system, right?
Use

  cut -d: -f1 /etc/passwd /etc/group | grep saned

You should see saned *twice*.

> Checking the status of xinetd I see:
>
> $ systemctl status xinetd -l
> ● xinetd.service - Xinetd A Powerful Replacement For Inetd
>    Loaded: loaded (/usr/lib/systemd/system/xinetd.service; enabled; vendor
preset: enabled)
>    Active: active (running) since Mon 2019-02-11 13:31:04 EST; 1min 46s
ago
>   Process: 6974 ExecStart=/usr/sbin/xinetd -stayalive -pidfile
/var/run/xinetd.pid $EXTRAOPTIONS (code=exited, status=0/SUCCESS)
> Main PID: 6982 (xinetd)
>    CGroup: /system.slice/xinetd.service
>            └─6982 /usr/sbin/xinetd -stayalive -pidfile
/var/run/xinetd.pid
> Feb 11 13:31:04 server xinetd[6982]: removing discard
> Feb 11 13:31:04 server xinetd[6982]: removing echo
> Feb 11 13:31:04 server xinetd[6982]: removing echo
> Feb 11 13:31:04 server xinetd[6982]: removing tcpmux
> Feb 11 13:31:04 server xinetd[6982]: removing time
> Feb 11 13:31:04 server xinetd[6982]: removing time
> Feb 11 13:31:04 server xinetd[6982]: bind failed (Permission denied (errno
= 13)). service = sane-port

13?  That's bad luck ;-)

I think that would be EACCES (sic) which would indeed point to a
permissions issue.

> Feb 11 13:31:04 server xinetd[6982]: Service sane-port failed to start and
is deactivated.
> Feb 11 13:31:04 server xinetd[6982]: xinetd Version 2.3.15 started with
libwrap loadavg labeled-networking options compiled in.
> Feb 11 13:31:04 server xinetd[6982]: Started working: 0 available services
>
> I changed the group of /usr/bin/saned  to saned and the permissions to
777:

Permission of 0755 should be good enough.  No point in allowing any
idiot on your system to modify saned ;-)

# FTR, I'm the biggest idiot on my own systems ;-)

> ls -l /usr/sbin/saned
> -rwxrwxrwx. 1 root saned 48552 Oct 30 12:46 /usr/sbin/saned

So, you do have a saned group.  What about a saned user?

> I still get the same message when I run systemctl status xinetd
>
> Any suggestions/help greatly appreciated

Hope this helps,
--
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9
 Support Free Software                        https://my.fsf.org/donate
 Join the Free Software Foundation              https://my.fsf.org/join

More information about the sane-devel mailing list