[sane-devel] Saned and root privileges ????

ToddAndMargo ToddAndMargo at zoho.com
Sat Mar 10 20:23:25 UTC 2018 

On 03/10/2018 09:22 AM, Andrew Goodbody wrote:
> 
> 
> On 10/03/18 11:17, ToddAndMargo wrote:
>> On 03/10/2018 03:06 AM, Andrew Goodbody wrote:
>>> On 10/03/18 04:59, ToddAndMargo wrote:
>>>> On 03/09/2018 12:53 PM, ToddAndMargo wrote:
>>>>> Hi All,
>>>>>
>>>>> Okay, now this is "scary".
>>>>>
>>>>> Both xsane and Simple Scan work locally.
>>>>>
>>>>> I can not get saned to work, UNLESS, I edit /etc/group
>>>>> and add the following to root
>>>>>
>>>>> root:x:0:saned
>>>>>
>>>>> Without it, I get
>>>>>
>>>>> $ xsane net:localhost:epkowa:interpreter:001:007
>>>>> Access to resource has been denied
>>>>>
>>>>> Now what am I doing wrong?  Must saned have root privileges?
>>>>>
>>>>> Many thanks,
>>>>> -T
>>>>
>>>> I just caught this:
>>>>
>>>> $ ps -eo pid,user,group,args --sort user | grep cups
>>>>   5005 root     root     /usr/sbin/cupsd -l
>>>>
>>>> CUPS "is" running as root.  So is it okay to add
>>>> saned to root's group?
>>>
>>> No, of course not, that's a huge security hole. Just because cups 
>>> does it is no indication that saned should.
>>>
>>> The problem could well be that the user saned does not have access to 
>>> your scanner. So check that saned is a member of whichever group can 
>>> access your scanner device. This may be 'scanner'.
>>>
>>> Andrew
>>
>> find /dev -iname \*scanner\*
>> <nothing>
> 
> Please keep this on the list.
> 
> What do the commands
> 
> lsusb -s 001:007
> 
> and
> 
> ls -l /dev/bus/usb/001/007
> 
> return?
> 
> Andrew

$ scanimage -L
device `epkowa:interpreter:001:007' is a Epson Perfection V300 flatbed 
scanner

$ lsusb -s 001:007
Bus 001 Device 007: ID 04b8:0131 Seiko Epson Corp. GT-F720 
[GT-S620/Perfection V30/V300 Photo]

$ ls -l /dev/bus/usb/001/007
crw-rw-r--+ 1 root root 189, 6 Mar 10 12:03 /dev/bus/usb/001/007

$ ls -l /usr/lib/udev/rules.d | grep -i sane
-rw-r--r--. 1 root root   3934 Mar  9 12:21 65-sane-backends.rules

The following temporarily fixes the issue (saned removed from
root and a test to verify `xsane net:localhost` crashes before
throwing the following):

    # chown saned.saned ls -l /dev/bus/usb/001/007

But the scanner does not always mount on 001:007.
Power it off and back on and it mounts on 001:008, etc.


Does this lead us to a fix?

Many thanks,
-T

More information about the sane-devel mailing list