[wellylug] Scanner permissions

Alastair Porter alastair at porter.net.nz
Mon Sep 15 20:20:22 NZST 2008 

Note that using setuid is potentially a security risk - if there is a
vulnerability in `scanimage`, it would effectively be run as root.

You should be able to give www-data access to the scanner device.  You
can do this either by giving the device a special group and adding the
user to this group, or set o+rw on the device.
Since you're using ubuntu, you should be able to create a udev rule to
set most of this up when you plug the scanner in.  I would start by
plugging it in and running `dmesg` and inspecting the output to see if
you can work out what device the scanner is allocated.  Let us know if
you can work out what the device is, and also what the output of ls -l
on that device is.

Alastair

On Mon, 2008-09-15 at 20:05 +1200, Rob van der Linde wrote:
> Thanks, that works. Now to make a driver for openpsfc :)
> 
> On Mon, 2008-09-15 at 19:48 +1200, Jethro Carr wrote:
> > On Mon, 2008-09-15 at 19:40 +1200, Rob van der Linde wrote:
> > > I have a Canon USB scanner which is supported by Linux (I can run it no
> > > problem on Ubuntu 8.04 desktop), that I want to get running on Ubuntu
> > > 8.04 server. When I enter:
> > > 
> > > scanimage -L
> > > 
> > > Nothing shows, however:
> > > 
> > > sudo scanimage -L
> > > 
> > > Comes up with the following:
> > > 
> > > device `plustek:libusb:002:003' is a Canon CanoScan N1240U/LiDE30
> > > flatbed scanner
> > > 
> > > I also ran sane-find-scanner which sees the scanner, it says you may
> > > need to adjust the permissions for scanimage -L to see it. I think that
> > > is is why it is only showing when I run that command as root.
> > > 
> > > I want to be able to use the scanner as the user www-data, so I can run
> > > Jethro's openpsfc software. Any ideas how I should do this?
> > 
> > hi Rob,
> > 
> > I believe it works with your GUI because HAL/GNOME/KDE does some funky
> > stuff to give the user access to the scanner device.
> > 
> > To make it work on a server, I tend to fix it by giving the scanimage
> > command permissions to run as root when executed by any user. Eg:
> > chmod +s /usr/bin/scanimage
> > 
> > There are other ways too, such as setting up sudo access, but the chmod
> > method is easiest.
> > 
> > There may be a better way to give non-root users access to scanners, but
> > I'm not aware of how. (if you know, please do enlighten me! :-)
> > 
> > The problem is that usb scanners don't create device files, so you can't
> > set permissions on them that way, it's all done using kernel APIs.
> > 
> > regards,
> > jethro

More information about the wellylug mailing list