On Sat, 18 Jan 2003 16:30:03 +0200 (SAST)
Buchan Milne <[EMAIL PROTECTED]> wrote:
> > > > > Only thing to decide on is how to handle the /etc/services entry,
> > > > > and handling of device permissions ...
> > > >
> > > > Maybe add saned to the usb or users group?
> > >
> > > Among others ...
> > >
> > > Hack on /etc/security/console.perms:
> > > <console> 0660 <scanner> 0660 root.usb
> >
> > For my usb scanner, I have it working when I am member of the usb group,
> > and have:
> > <console> 0600 <scanner> 0660 root.usb
>
> Well, it should actually work for any user who logs in, pam_console_apply
> just resets permissions as if you had logged out, without you logging out.
> The problem with your entry above is that when a user logs in and
> pam_console is run, the perms will be set to 0600 (first mode entry),
> which will break saned's access.
Ok, so the line you gave might be better then. Pam would need to be changed
then.
> > According to the sane-usb and sane-scsi it is recommended to make a
> > scanner group. I'm not sure if that's really necessary, actually, I can't
> > think of a real reason for it.
> > Another thing, in /etc/security/console.perms /dev/scanner is part of the
> > <scanner> class. That should only be used for scsi scanners, and then be a
> > symlink to /dev/sgx. So maybe that shouldn't be there.
> >
> > A scsi scanner is spoken to through a /dev/sgx device, which is part of
> > the<burner> class. Adding saned to group cdwriter, would make that
> > function right, right?
> > I wouldn't know how to see if a /dev/sgx device is a scsi scanner or
> > another scsi disk (maybe scannerdrake can?) so therefore I think a scanner
> > group will not be usefull. Just use cdwriter. What do you think?
>
> There are more problems with /dev/sg*, since on tape devices with a
> changer have an sg* device for the changer. For example, to get amanda to
> be able to change tapes, we set /dev/sg* to root.disk 0660, since amanda
> is in the disk group (on our new server).
>
> Does anyone have a list of all the kinds of devices handled by /dev/sg* ?
>
> Or, I guess amanda could also be made a member of the cdwriter group (may
> be of use when using amanda with a CD-writer, which I haven't tried ...).
I assume that group cdwriter just stands for access to all generic scsi
devices.
In the end Sane should know which device is a scanner, and which not. So then
adding saned to the group cdwriter might be good.
> > About the sane specfile. There are a lot of configfiles under /etc/sane.d.
> > Putting saned.conf in a saned subpackage will have the effect that all the
> > other .conf files need to be listed all instead of just a *. Great :-)
> >
>
> May be ok to leave /etc/sane.d/saned.conf in sane-backends, just make
> saned package have saned, xinetd config file and pre/post scripts, and
> require sane-backends and xinetd.
Oh, I figured out how to deal with the .conf files, thanks to Dvalin/Per.
%config(noreplace) %{_sysconfdir}/sane.d/*[!saned]
will put everything in, exept the saned.conf file.
And yes, it should require xinetd. Good thing you mention it.
--
Marcel Pol
