[sane-devel] Net Client Not Contacting Server SOLVED

C. Cook c.a.cook at quantum-sci.com
Fri Sep 11 18:05:42 BST 2020

Ok so this is to memorialize what I found with not being able to use my
scanner over the LAN.  Big thanks go out to Ralph Little and Olaf
Meeuwissen for helping with this distressing problem.

- For local scanning you do -not- need to install/activate saned, UNLESS
you will be doing network scanning.  Yes, ONLY if you will be doing
network scanning.  But in all cases you must install sane-backends and
make sure that the backend in dll.conf for whatever scanner you have is
-not- commented out.  And install whatever client application you want
to use. (XSane, gscan2pdf, etc)  The client applications access the
backends -directly-, not through saned.

- If you are doing network scanning you need only install saned on the
server (where the scanner is).  And on the server you do not enable the
net backend, only the backend appropriate for your scanner.  On the
client you install also sane-backends, but here you only enable the net
backend in dll.conf .

- My problem was, on the server # scanimage -L found the scanner just
fine, and # scanimage >test.jpg scanned just fine.  Notice I ran these
as root.  On my remote client machine though when I did a $ scanimage -L
as user... no scanner found.

So by default CentOS 7.6 sets all USB devices to 664 because of:

ENV{DEVTYPE}=="usb_device", MODE="0664"

Try as I might, I could not get udev to obey my new rule in
/etc/udev/rules.d/50-scanner.rule.  It would set owner and group, but
not rights:
SUBSYSTEM=="usb", ATTR{idVendor}=="04b8", ATTR{idProduct}=="014a",
OWNER="saned", GROUP="saned", MODE="0666"

A grep found:

ENV{DEVTYPE}=="usb_device", MODE="0664"

Ok what I learned is that all udev rules execute in lexigraphic order --
/etc/udev/rules.d/ does -not- override /usr/lib/udev/rules.d/... unless
rules of the same name.

Lesson is add /etc/udev/rules.d/60-scanner.rules with:

SUBSYSTEM=="usb", ATTR{idVendor}=="{yourscannervend}",
ATTR{idProduct}=="{yourscannerID}", OWNER="saned", GROUP="saned",

saned is non-privileged so this shouldn't be a security hazard,
especially if you extend 6566 to remote clients through a reverse SSH
tunnel like I do.  This way you don't have to add all your remote
clients to the server's saned group.

It was inconsiderate of the packager to not include this udev rule, and
I suspect this has cause widespread failure and frustration with
networking scanners.

More information about the sane-devel mailing list