[sane-devel] Third revision of Scanner HOWTO available

Till Kamppeter till.kamppeter@gmx.net
Sun, 20 Jul 2003 18:52:56 +0200


Major A wrote:
> 
> chapter 5.:
> 
> saned section: there's no mention at all of the changes required to
> net.conf. Also, what's the warning all about? I'd say it's advisable
> to run saned as a dedicated user (I usually call it saned), but it's
> not a group. Also, once saned is set up properly, _everyone_ has
> access to the scanner without requiring root privileges, as long as
> their computer is listed in saned.conf.
> 

I didnīt look into the document, but it should be mentioned that with 
saned and the net backend acting on one and the same machine as both 
client and server parallel scanners which are normally only accessible 
by root (e. g. Canon) can be accessed by normal users. Here a Mini-HOWTO:


The problem is that the SANE driver for your scanner accesses the 
parallel port directly, without use of the kernel. Such way of device 
access is only possible for root. Due to the kernel not being used there 
is no special file in /dev or /proc which represents the scanner and 
whose permissions can be opened for normal users.

Scanning-as-Normal-User-on-Wierd-Scanner-Mini-HOWTO
---------------------------------------------------

Original version I presented on MandrakeClub:
http://www.mandrakeclub.com/modules.php?op=modload&name=Splatt_Forum&file=viewtopic&topic=5895&forum=13

This version can also be used with non-Mandrake distros.

1. Make sure that saned is installed as in some distros it can be in an 
extra package (for example in Mandrake, type "urpmi saned" as root or 
use rpmdrake there).

2. Get root and stay root for the next steps. Create or edit 
/etc/xinetd.d/saned (we assume xinetd is used as in most modern distros):

# default: off
# description: The sane server accepts requests \
# for network access to a local scanner via the \
# network.
service sane
{
         disable = no
         port            = 6566
         socket_type     = stream
         wait            = no
         groups          = yes
         user            = root
         group           = root
         server          = /usr/sbin/saned
}

It can be already provided by your distro, but probably with

user = saned
group = saned

Make sure that you have

user = root
group = root

Add the line

sane 6566/tcp # SANE Control Port

to /etc/services if your distro didnīt put it there already.

3. Restart xinetd with

service xinetd restart

4. Add a line only containing "localhost" in both /etc/sane.d/saned.conf 
and /etc/sane.d/net.conf. Make sure that in /etc/sane.d/dll.conf is a 
line containing only "net" and a line containing only the name of the 
driver for your scanner, both without comment sign ("#") in the 
beginning. Make also sure that the configuration file for your scanner 
driver /etc/sane.d/<your scannerīs driver>.conf is correctly set up (see 
"man sane-<your scannerīs driver>").

Mandrake Linux users can also proceed as follows:

Start Scannerdrake

scannerdrake

and click on "Scanner sharing". Mark "The scanners on this machine are 
available to other computers" and "Use scanners on remote computers". 
Click on "Scanner sharing to hosts" and in the next window on "Add 
host". Then choose "Name/IP address of host:" and type "localhost" in 
the input line. Click "OK" and "Done". Now click "Use scanners on hosts: 
..." and in the dialog appearing "Add host". In the next window choose 
"This machine" and click "OK". Click "Done" to get back into the 
"Scanner sharing" and "OK" to get back into the main window of 
Scannerdrake. Now you can close Scannerdrake.

5. Run X-Sane (or your preferred frontend) as normal user and you should 
be able to scan. Please report here whether it really works.

6. You can still share your scanner on a network, simply add the 
addresses of the clients to your /etc/sane.d/saned.conf file.

How does this work?

We use the network scanning facility of SANE, but our "network" consists 
of only one machine, the machine where your parallel scanner is 
connected to. You do not need a network card for it. Linux has a virtual 
network consisting of only the local machine which is used when your 
machine is called with the name "localhost" or the IP address 127.0.0.1. 
So the server and the client are on the same machine. The server is the 
"saned" which you have installed in step (1). It calls the scanner 
driver and communicates with the scanner. To make this possible you let 
it run with root privileges. This you have configured in step (2) and 
(3). In step (4) you have told that the local machine and no other 
machine can access to your scanner (/etc/sane.d/saned.conf or 
scannerdrake's "Scanner sharing to hosts:" button) and that locally 
started scanning software should search for scanner servers on the local 
machine (/etc/sane.d/net.conf or scannerdrake's "Use the scanners on 
hosts:" button). The client is the X-Sane running as a normal user, 
started in step (5). It searches for local scanners where a normal user 
has access to and for remote scanners. In your case it searches only on 
the local machine and finds the saned providing your scanner. This way 
the scanner driver runs as root, but the scanning frontend, X-Sane, as 
normal user.

Troubleshooting:

Does your scanner work if you scan as root? If so, please check whether 
running the command "ifconfig" lists the "lo" device and whether your 
/etc/hosts file contains a line like

127.0.0.1 localhost

If not, do "ifup lo" and then try to scan as user with my method 
described above again.

If you have a personal firewall installed, go to the firewall config 
tool of your distro (Mandrake: in the MCC ("Security" section), click on 
"Advanced" and in the appearing input line enter/add the port) and open 
the port 6566 (TCP if TCP/UDP has to be supplied).

Check whether /etc/services contains the line

sane 6566/tcp # SANE Control Port

and add it if it is missing. Then enter the command

service xinetd restart

and try to scan as user again. If it does not work, post the output of 
the command shown on the SANE mailing list and also the config files 
mentioned in this posting.

    Till