Ask Your Question
1

saned in root ???

asked 2018-03-09 17:21:57 -0600

toddandmargo gravatar image

updated 2018-03-10 14:31:48 -0600

Hi All,

Okay, now this is "scary".

Both xsane and Simple Scan work locally.

I can not get saned to work, UNLESS, I edit /etc/group and add the following to root

root:x:0:saned

Without it, I get

$ xsane net:localhost:epkowa:interpreter:001:007
Access to resource has been denied

Now what am I doing wrong? Must saned have root privileges?

What are the security ramifications of doing this?

Many thanks, -T

Extra info:

I just caught this:

$ ps -eo pid,user,group,args --sort user | grep cups
 5005 root     root     /usr/sbin/cupsd -l

CUPS "is" running as root. So is it okay to add saned to root's group?

Response to Thomas Wood that will not fit in the comment's post:

$ scanimage -L
device `epkowa:interpreter:001:007' is a Epson Perfection V300 flatbed scanner

$ lsusb -s 001:007
Bus 001 Device 007: ID 04b8:0131 Seiko Epson Corp. GT-F720 [GT-S620/Perfection V30/V300 Photo]

$ ls -l /dev/bus/usb/001/007
crw-rw-r--+ 1 root root 189, 6 Mar 10 12:03 /dev/bus/usb/001/007

$ ls -l /usr/lib/udev/rules.d | grep -i sane
-rw-r--r--. 1 root root   3934 Mar  9 12:21 65-sane-backends.rules

$ grep lp /etc/group
lp:x:7:saned

The following temporarily fixes the issue (saned removed from root and a test to verify xsane net:localhost crashes before throwing the following):

   # chown saned.saned ls -l /dev/bus/usb/001/007

But the scanner does not always mount on 001:007. Power it off and back on and it mounts on 001:008, etc.. and the chown has to be rethrown every reboot.

edit retag flag offensive close merge delete

Comments

Check the permissions on the the device of your scanner connected in /dev/. Look at the groups of the device and it might be sufficient to add the saned user to the lp group. Depending on the group that is assigned to the device and the access rights.

thomaswood gravatar imagethomaswood ( 2018-03-10 08:32:22 -0600 )edit

See my extra info in the original question

toddandmargo gravatar imagetoddandmargo ( 2018-03-10 14:28:15 -0600 )edit

2 Answers

Sort by ยป oldest newest most voted
1

answered 2018-03-10 15:05:42 -0600

toddandmargo gravatar image

updated 2018-03-10 15:31:27 -0600

Followup: To correct this, add

# /usr/lib/udev/rules.d/70-saned.rules
ACTION=="add", ENV{libsane_matched}=="yes", GROUP="saned", MODE="0660"

to

/usr/lib/udev/rules.d/65-sane-backends.rules

I just opened https://bugzilla.redhat.com/show_bug....

to fix this.

I have been troubleshooting this since November <editorial comment=""> AAAAAAHHHHHHHHHHHHHHHHHHHHH!!!!! </editorial>

Note: you have to reboot to get this to take:

$ scanimage -L device epkowa:interpreter:001:003' is a Epson Perfection V300 flatbed scanner devicenet:localhost:epkowa:interpreter:001:003' is a Epson Perfection V300 flatbed scanner

$ xsane net:localhost worked

Unplugging and replugging the scanner: $ scanimage -L device epkowa:interpreter:001:008' is a Epson Perfection V300 flatbed scanner devicenet:localhost:epkowa:interpreter:001:008' is a Epson Perfection V300 flatbed scanner

$ xsane net:localhost worked

-T

A fun command:

# rpm -qf /usr/lib/udev/rules.d/65-sane-backends.rules
sane-backends-1.0.27-12.fc27.x86_64
edit flag offensive delete link more
-1

answered 2018-03-10 08:40:28 -0600

fcomida gravatar image

Do your homework first. Read the docs, you will discover there is a systemd service for starting saned and probably a selinux policy for securing it. I don't know and I don't care since I don't use it.

edit flag offensive delete link more

Comments

I have been reading the docs since November. What an unhelpful answer.

toddandmargo gravatar imagetoddandmargo ( 2018-03-10 14:26:12 -0600 )edit

Well if you do not provide context to your question...now I understand there is a bug somewhere in the chain of programs (systemd,udev) and configuration files that should, at the end, bring saned up and running correctly.

fcomida gravatar imagefcomida ( 2018-03-10 17:08:21 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-03-09 17:21:57 -0600

Seen: 80 times

Last updated: Mar 10