[sane-devel] Adding hotplug scripts to CVS

Olaf Meeuwissen olaf@epkowa.co.jp
Thu, 26 Feb 2004 11:51:47 +0900 

Marcel Pol <mpol@gmx.net> writes:

> On Wed, 25 Feb 2004 20:47:27 +0100
> Julien BLACHE <jb@jblache.org> wrote:
>
>> I'm going to add the hotplug scripts used by the Debian package to the
>> CVS (probably into tools/hotplug), with a short README explaining how
>> to use them.
>> 
>> I can't remember if this was discussed on the list or on IRC, but
>> somebody (c0ffee ?) suggested we add to the libsane.usermap file all
>> the known and supported USB scanners, so that the hotplug support
>> would work mostly out of the box.
>> 
>> Does everybody agree with that ? I think I'll commit the files
>> tomorrow, then it'll be a matter of filling the libsane.usermap file
>> with a lot of USB product/vendor IDs :)
>
> I asked for this about 1 or 2 weeks ago because the Mandrake packages can use
> them. I don't remember seeing the discussion before, so maybe I'm resonsible
> for starting the discussion of the subject :-)
> However, it might be better to use pam for permissions. At least, that's how
> on Mandrake it was configured for the usbscanner module, and that way is also
> used for scsi scanners. The advantage of pam (pam_console) is that it can not
> only set permissions, but also set the ownership to the user that's logged in
> on the console.
> I did have some problems with it however, reconnecting the scanner made the
> corresponding file go from /proc/bus/usb/001/002 to */003, and for that file
> the ownership wasn't set correctly. I'm not sure if that's just some /proc
> weirdness or not.

That's probably because your pam_console only does things at login.
In general this is the wrong time for USB devices or any removable
device for that matter.
# BTW, I have most PAM stuff installed on my Debian system but can't
# find pam_console.  Just a reminder that pam_console just may not be 
# installed ...  I did see a pam_devperm (libpam-devperm) though.

Ownership, groupship and access permissions have to be set by hotplug
(or murasaki).  Because there is no knowing which user will be using
the scanner when it is plugged in, the Debian defaults of root.scanner
with permissions 0660 make good sense.  User that are allowed to use
scanners just have to be added to the scanner group.

You may want to change it to the users group if anyone may use the
scanner and all you normal users are added to this group by default.

> Ofcourse this ownership setting can also be done through a hotplug script,
> which reads the username from /var/run/console.lock

Why only allow the console user access to the scanner?
-- 
Olaf Meeuwissen                            EPSON KOWA Corporation, ECS
FSF Associate Member #1962           sign up at http://member.fsf.org/
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
Penguin's lib!       -- I hack, therefore I am --               LPIC-2