[sane-devel] Everyone!

Olaf Meeuwissen paddy-hack at member.fsf.org
Sat Nov 25 09:02:59 UTC 2017 

Hi ToddAndMargo,

ToddAndMargo writes:

>>> Em sex, 24 de nov de 2017 09:47, ToddAndMargo <ToddAndMargo at zoho.com
>>> <mailto:ToddAndMargo at zoho.com>> escreveu:
>>>
>>>     On 11/24/2017 03:44 AM, ToddAndMargo wrote:
>>>      > Hi All,
>>>      >
>>>      > What to I do to saned.conf to tell it I want EVERYONE to
>>>      > be able to access it?
>>>
>>>     Both network users and all users in general
>>>
>
> On 11/24/2017 05:26 PM, Luiz Angelo Daros de Luca wrote:
>> Add a single + in a line.
>
> I do not understand.
>
> I should have said I was speaking of
>      /etc/sane.d/saned.conf

Straight from the saned manual page in the CONFIGURATION section

  CONFIGURATION
         First and foremost: saned is not intended to be exposed to the
         internet or other non-trusted networks. Make sure that access
         is limited by tcpwrappers and/or a fire‐ wall setup. Don't
         depend only on saned's own authentication. Don't run saned as
         root if it's not necessary. And do not install saned as setuid
         root.

         The saned.conf configuration file contains both options for the
         daemon and the access list.

         data_portrange = min_port - max_port
                Specify the port range to use for the data
                connection. Pick a port range between 1024 and 65535;
                don't pick a too large port range, as it may have
                performance issues. Use this option if your saned server
                is sitting behind a firewall. If that firewall is a
                Linux machine, we strongly recommend using the Netfilter
                nf_conntrack_sane module instead.

         The access list is a list of host names, IP addresses or IP
         subnets (CIDR notation) that are permitted to use local SANE
         devices. IPv6 addresses must be enclosed in brackets, and
         should always be specified in their compressed
         form. Connections from localhost are always permitted. Empty
         lines and lines starting with a hash mark (#) are ignored.  A
         line containing the single character ``+'' is interpreted to
         match any hostname. This allows any remote machine to use your
         scanner and may present a security risk, so this shouldn't be
         used unless you know what you're doing.

> I am look at how to add all users and all networks.  I want
> everyone to be able to access the scanner.

Reading or searching the documentation might help ;-)

Hope this helps,
--
Sent with my mu4e

More information about the sane-devel mailing list