[wellylug] Scanner permissions
Jethro Carr
jethro.carr at jethrocarr.com
Mon Sep 15 20:40:05 NZST 2008
On Mon, 2008-09-15 at 20:20 +1200, Alastair Porter wrote:
> Note that using setuid is potentially a security risk - if there is a
> vulnerability in `scanimage`, it would effectively be run as root.
yup, this is a good point to mention.
> You should be able to give www-data access to the scanner device. You
> can do this either by giving the device a special group and adding the
> user to this group, or set o+rw on the device.
> Since you're using ubuntu, you should be able to create a udev rule to
> set most of this up when you plug the scanner in. I would start by
> plugging it in and running `dmesg` and inspecting the output to see if
> you can work out what device the scanner is allocated. Let us know if
> you can work out what the device is, and also what the output of ls -l
> on that device is.
As far as I'm aware, USB scanners do not create a device node - they are
like ethernet cards in that respect.
However, reading online it does appear you can configure udev to set the
permissions for the scanners.
Looking in the files for my CentOS 4 system:
/etc/udev/permissions.d/50-udev.permissions
---
# scanner devices
scanner:root:root:0600
usb/scanner*:root:root:0600
---
I suspect that changing this should sort your problem out. :-)
The udev configuration differs from distribution to distribution, so I'm
not sure exactly what file you need to edit for ubuntu 8.04
regards,
jethro
--
Jethro Carr
www.jethrocarr.com/index.php?cms=blog
www.amberdms.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
Url : http://lists.wellylug.org.nz/pipermail/wellylug/attachments/20080915/fb583d00/attachment-0001.pgp
More information about the wellylug
mailing list