[sane-devel] 1.0.25 is out, now what?

Olaf Meeuwissen paddy-hack at member.fsf.org
Wed Nov 4 09:06:03 UTC 2015 

Hi Johannes,

Johannes Meixner writes (among other things):

> On Oct 28 20:18 Olaf Meeuwissen wrote (excerpt):
>> Johannes Meixner writes:
> ...
>>> RFC for an additional goal for sane-backends-1.0.26:
>>>
>>> - switch to group "lp" instead of "scanner"
> ...
>> I think it best to leave this to the individual distributions to decide.
>
> My hope is that the individual distributions might even be able
> to agree on a common default so that all Linux users could have
> the same default base of operations.
>
>> What can be done fairly easily, however, is to make it easier for them
>> to override/customize the DEVMODE, DEVOWNER and DEVGROUP values in
>> tools/sane-desc.c.
>
> Perhaps a configure option to specify that would be nice?

And/or command-line options that can be used to specify them (with
build-time defaults provided via configure options).  That way you can
change your mind after configuring without having to reconfigure.  You
simply rerun the tool.

>> FYI, Debian has
>>
>>  ENV{libsane_matched}=="yes", RUN+="/bin/setfacl -m g:scanner:rw $env{DEVNAME}"
>
> I like to understand the reson behind why Debian uses
> the "scanner" group.

No clue.  You'll have to ask the Debian maintainer.

> Is it that for Debian use of consumables (paper and ink/toner)
> in a printer is more strictly controlled than scanners?

I just mentioned that as an example use case that I could think of.  Not
because Debian actually tries to do something like that.  It would local
policy (company/institute, department, etc.) stuff at best.

> Regardless what the reason is, I also like to understand how
> Debian deals with multifunction devices because - as far as
> I understand it - there is the conflict that multifunction devices
> would have to belong both to the "lp" and the "scanner" group.

It's been a while and my memory is not quite up to snuff but from what I
understand the setfacl invocation *adds* a scanner group with read/write
permissions to the device access control list (if there wasn't one).  If 
there is one already, only the groups permissions are set.

Hope this helps,
-- 
Olaf Meeuwissen, LPIC-2            FSF Associate Member since 2004-01-27
Support Free Software               Support the Free Software Foundation
https://my.fsf.org/donate                        https://my.fsf.org/join
 GnuPG key: F84A2DD9/B3C0 2F47 EA19 64F4 9F13  F43E B8A4 A88A F84A 2DD9

More information about the sane-devel mailing list