On Sat, 18 Jan 2003 16:30:03 +0200 (SAST) Buchan Milne <[EMAIL PROTECTED]> wrote:
> > > > > Only thing to decide on is how to handle the /etc/services entry, > > > > > and handling of device permissions ... > > > > > > > > Maybe add saned to the usb or users group? > > > > > > Among others ... > > > > > > Hack on /etc/security/console.perms: > > > <console> 0660 <scanner> 0660 root.usb > > > > For my usb scanner, I have it working when I am member of the usb group, > > and have: > > <console> 0600 <scanner> 0660 root.usb > > Well, it should actually work for any user who logs in, pam_console_apply > just resets permissions as if you had logged out, without you logging out. > The problem with your entry above is that when a user logs in and > pam_console is run, the perms will be set to 0600 (first mode entry), > which will break saned's access. Ok, so the line you gave might be better then. Pam would need to be changed then. > > According to the sane-usb and sane-scsi it is recommended to make a > > scanner group. I'm not sure if that's really necessary, actually, I can't > > think of a real reason for it. > > Another thing, in /etc/security/console.perms /dev/scanner is part of the > > <scanner> class. That should only be used for scsi scanners, and then be a > > symlink to /dev/sgx. So maybe that shouldn't be there. > > > > A scsi scanner is spoken to through a /dev/sgx device, which is part of > > the<burner> class. Adding saned to group cdwriter, would make that > > function right, right? > > I wouldn't know how to see if a /dev/sgx device is a scsi scanner or > > another scsi disk (maybe scannerdrake can?) so therefore I think a scanner > > group will not be usefull. Just use cdwriter. What do you think? > > There are more problems with /dev/sg*, since on tape devices with a > changer have an sg* device for the changer. For example, to get amanda to > be able to change tapes, we set /dev/sg* to root.disk 0660, since amanda > is in the disk group (on our new server). > > Does anyone have a list of all the kinds of devices handled by /dev/sg* ? > > Or, I guess amanda could also be made a member of the cdwriter group (may > be of use when using amanda with a CD-writer, which I haven't tried ...). I assume that group cdwriter just stands for access to all generic scsi devices. In the end Sane should know which device is a scanner, and which not. So then adding saned to the group cdwriter might be good. > > About the sane specfile. There are a lot of configfiles under /etc/sane.d. > > Putting saned.conf in a saned subpackage will have the effect that all the > > other .conf files need to be listed all instead of just a *. Great :-) > > > > May be ok to leave /etc/sane.d/saned.conf in sane-backends, just make > saned package have saned, xinetd config file and pre/post scripts, and > require sane-backends and xinetd. Oh, I figured out how to deal with the .conf files, thanks to Dvalin/Per. %config(noreplace) %{_sysconfdir}/sane.d/*[!saned] will put everything in, exept the saned.conf file. And yes, it should require xinetd. Good thing you mention it. -- Marcel Pol