sane config files [was [sane-devel] Infrared channel]]

Johannes Meixner jsmeix@suse.de
Mon, 28 Feb 2005 10:23:31 +0100 (CET) 

Hello,

On Feb 25 12:12 m. allan noah wrote (shortened):
> ... i personally dont have much problem with users being able
> to plug scanner into machine and make it
> work without root permissions ...

Admins don't like it when normal users can plug in whatever
hardware and make it work.
Admins want to be able to define what the normal users are
allowed to do and what not.

But it is perfect when - as Oliver said - there is a SANE admin
authentication in the frontend (like the CUPS admin authentication
for http://localhost:631/admin) and root can define who is a SANE admin
(by default it is only root but root can add any user to be a SANE admin).

I had this discussion regarding printers ("any user should be
able to plug in a printer and make it work"), a quote from a mail:
------------------------------------------------------------------------
See for example
http://www.cups.org/str.php?L790
what is possible (of course for all printing systems on all operating
systems) when any user can act as printing system administrator:

For all printing systems on all operating systems the printing system
administrator can copy any printout to any place he likes (e.g. send
it via mail to any external address or copy it to any external place).

To avoid misunderstandings:

If a person is the administrator of her/his workstation then
this person knows the root password and then this person is root
for her/his workstation and then this person can of course set up
the printing system on her/his workstation as she/he likes.

But if a workstation is administrated by someone else then
this "someone else person" is root for this workstation and
then the normal user of this workstation must not be permitted
by default to set up or change the printing system on this
workstation as she/he likes.
Of course the "someone else person" can permit the normal user
of this workstation to be a printing system administrator of
this workstation but this must not be permitted by default.
------------------------------------------------------------------------

You may say "for SANE there are no such problems".
But I think there are similar problems:
To "plug in a SCSI scanner and make it work" requires that a
SCSI kernel module is loaded - e.g. for the nice unstable SCSI
controller which comes with the scanner and which may lead to
unpredictable sudden system stops.
To set up some external backends special daemons must be
started (ptal for hpoj, hplip for hpaio) or non-free software
must be installed (for epkowa the Iscan software).
"Any user should be able to plug in a scanner and make it work"
requires sometimes additional stuff which leads to security or
license problems.


> should you not be in bed at this hour? :)

I don't know which way Suse/Novell mails go nowadays
(perhaps from German via US to the final recipient
and perhaps the sent-time may be somehow wrong).
When I sent this mail it was late afternoon in German.


Kind Regards,
Johannes Meixner
-- 
SUSE LINUX Products GmbH, Maxfeldstrasse 5      Mail: jsmeix@suse.de
90409 Nuernberg, Germany                    WWW: http://www.suse.de/