[sane-devel] [solved] Re: Saned and root privileges ????

ToddAndMargo ToddAndMargo at zoho.com
Sat Mar 10 21:33:00 UTC 2018 

On 03/10/2018 01:01 PM, ToddAndMargo wrote:
> On 03/10/2018 12:44 PM, ToddAndMargo wrote:
>> On 03/10/2018 12:23 PM, ToddAndMargo wrote:
>>> On 03/10/2018 09:22 AM, Andrew Goodbody wrote:
>>>>
>>>>
>>>> On 10/03/18 11:17, ToddAndMargo wrote:
>>>>> On 03/10/2018 03:06 AM, Andrew Goodbody wrote:
>>>>>> On 10/03/18 04:59, ToddAndMargo wrote:
>>>>>>> On 03/09/2018 12:53 PM, ToddAndMargo wrote:
>>>>>>>> Hi All,
>>>>>>>>
>>>>>>>> Okay, now this is "scary".
>>>>>>>>
>>>>>>>> Both xsane and Simple Scan work locally.
>>>>>>>>
>>>>>>>> I can not get saned to work, UNLESS, I edit /etc/group
>>>>>>>> and add the following to root
>>>>>>>>
>>>>>>>> root:x:0:saned
>>>>>>>>
>>>>>>>> Without it, I get
>>>>>>>>
>>>>>>>> $ xsane net:localhost:epkowa:interpreter:001:007
>>>>>>>> Access to resource has been denied
>>>>>>>>
>>>>>>>> Now what am I doing wrong?  Must saned have root privileges?
>>>>>>>>
>>>>>>>> Many thanks,
>>>>>>>> -T
>>>>>>>
>>>>>>> I just caught this:
>>>>>>>
>>>>>>> $ ps -eo pid,user,group,args --sort user | grep cups
>>>>>>>   5005 root     root     /usr/sbin/cupsd -l
>>>>>>>
>>>>>>> CUPS "is" running as root.  So is it okay to add
>>>>>>> saned to root's group?
>>>>>>
>>>>>> No, of course not, that's a huge security hole. Just because cups 
>>>>>> does it is no indication that saned should.
>>>>>>
>>>>>> The problem could well be that the user saned does not have access 
>>>>>> to your scanner. So check that saned is a member of whichever 
>>>>>> group can access your scanner device. This may be 'scanner'.
>>>>>>
>>>>>> Andrew
>>>>>
>>>>> find /dev -iname \*scanner\*
>>>>> <nothing>
>>>>
>>>> Please keep this on the list.
>>>>
>>>> What do the commands
>>>>
>>>> lsusb -s 001:007
>>>>
>>>> and
>>>>
>>>> ls -l /dev/bus/usb/001/007
>>>>
>>>> return?
>>>>
>>>> Andrew
>>>
>>> $ scanimage -L
>>> device `epkowa:interpreter:001:007' is a Epson Perfection V300 
>>> flatbed scanner
>>>
>>> $ lsusb -s 001:007
>>> Bus 001 Device 007: ID 04b8:0131 Seiko Epson Corp. GT-F720 
>>> [GT-S620/Perfection V30/V300 Photo]
>>>
>>> $ ls -l /dev/bus/usb/001/007
>>> crw-rw-r--+ 1 root root 189, 6 Mar 10 12:03 /dev/bus/usb/001/007
>>>
>>> $ ls -l /usr/lib/udev/rules.d | grep -i sane
>>> -rw-r--r--. 1 root root   3934 Mar  9 12:21 65-sane-backends.rules
>>>
>>> The following temporarily fixes the issue (saned removed from
>>> root and a test to verify `xsane net:localhost` crashes before
>>> throwing the following):
>>>
>>>     # chown saned.saned ls -l /dev/bus/usb/001/007
>>>
>>> But the scanner does not always mount on 001:007.
>>> Power it off and back on and it mounts on 001:008, etc.
>>>
>>>
>>> Does this lead us to a fix?
>>>
>>> Many thanks,
>>> -T
>>
>> Now it has decided to give the list precedence!
>>
>> Over on
>>
>> https://bugzilla.redhat.com/show_bug.cgi?id=1091566#c8
>>
>>        2. Permissions must be given to the saned user to access scanners.
>>        I don't have any scanners to test, but the following should work:
>>
>>        # /usr/lib/udev/rules.d/70-saned.rules
>>        ACTION=="add", ENV{libsane_matched}=="yes", GROUP="saned", 
>> MODE="0660"
>>
>>
>> Is this something I should add to
>>      /usr/lib/udev/rules.d/65-sane-backends.rules
>> ?
> 
> 
> And that worked.
> 
> # rpm -qf /usr/lib/udev/rules.d/65-sane-backends.rules
> sane-backends-1.0.27-12.fc27.x86_64
> 
> Ah Ha!
> 
> I just opened
> https://bugzilla.redhat.com/show_bug.cgi?id=1554032
> 
> to fix this.
> 
> I have been trouybleshooting this since November
> <Editorial comment> AAAAAAHHHHHHHHHHHHHHHHHHHHH!!!!! </editorial comment>
> 
> Thank you all for all your help and patience with this!!!!!
> 
> -T
> 
> 


Note: you have to reboot to get this to take:

$ scanimage -L
device `epkowa:interpreter:001:003' is a Epson Perfection V300 flatbed 
scanner
device `net:localhost:epkowa:interpreter:001:003' is a Epson Perfection 
V300 flatbed scanner

$ xsane net:localhost
worked

Unplugging and replugging the scanner:
$ scanimage -L
device `epkowa:interpreter:001:008' is a Epson Perfection V300 flatbed 
scanner
device `net:localhost:epkowa:interpreter:001:008' is a Epson Perfection 
V300 flatbed scanner

$ xsane net:localhost
worked


-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Serious error.
All shortcuts have disappeared.
Screen. Mind. Both are blank.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

More information about the sane-devel mailing list