From 794c950b32454a4b83faa1078ee83bf1a2041569 Mon Sep 17 00:00:00 2001 From: Luiz Angelo Daros de Luca Date: Sat, 1 Jun 2019 03:30:23 -0300 Subject: sane-backends: run (xinetd) saned as non-root saned requires write access scanner USB bus for its process and to usblp/bind in order to rebind multifunctional printers back to usblp (for printing with p910nd). A hotplug script monitor new USB devices for scanners. Scanners are detected by searching /usr/share/sane/-.usbid for the device product_id. The package saned creates user saned:scanners. Access is granted to group scanners. The default xinetd conf was updated to run as saned:scanner. sane-daemon pkg now has a postinst trigger that runs udevtrigger for granting perms where there are connected scanners during installation. Existing hotplug scripts from hplip were removed. They were mostly useless. Signed-off-by: Luiz Angelo Daros de Luca --- utils/sane-backends/files/saned.hotplug | 27 +++++++++++++++++++++++++++ utils/sane-backends/files/saned.xinetd | 3 +-- 2 files changed, 28 insertions(+), 2 deletions(-) create mode 100755 utils/sane-backends/files/saned.hotplug (limited to 'utils/sane-backends/files') diff --git a/utils/sane-backends/files/saned.hotplug b/utils/sane-backends/files/saned.hotplug new file mode 100755 index 000000000..42d35ad96 --- /dev/null +++ b/utils/sane-backends/files/saned.hotplug @@ -0,0 +1,27 @@ +#!/bin/sh + +[ "$ACTION" = "add" ] || exit 0 +[ "$DEVTYPE" = "usb_device" ] || exit 0 + +SANE_GROUP=scanner +grep -q -E "^$SANE_GROUP:" /etc/group || exit 0 + +# Filter SANE known devices +vendor_product="${PRODUCT%/*}" +vendorid="$(printf '%04x' "0x0${vendor_product%/*}")" +productid="$(printf '%04x' "0x0${vendor_product#*/}")" +grep -s -x -F -q "$productid" "/usr/share/sane/$vendorid"-*.usbid || exit 0 + +grant() { + logger -t "hotplug(usb/20-saned)" "Granting $1 to '$2' for group '$SANE_GROUP'" + chgrp "$SANE_GROUP" "$2" + chmod "$1" "$2" +} + +# Needed by script /usr/bin/saned to rebind USB devices back to usblp after use +usblp_bind="/sys/bus/usb/drivers/usblp/bind" +if [ -e "$usblp_bind" ]; then + grant g+w "$usblp_bind" +fi + +grant g+rw "/dev/$DEVNAME" diff --git a/utils/sane-backends/files/saned.xinetd b/utils/sane-backends/files/saned.xinetd index bc4dff8a7..1202d7fd5 100644 --- a/utils/sane-backends/files/saned.xinetd +++ b/utils/sane-backends/files/saned.xinetd @@ -7,8 +7,7 @@ service sane-port socket_type = stream port = 6566 wait = no - user = root -# user = saned + user = saned group = scanner server = /usr/sbin/saned disable = yes -- cgit v1.2.3