[Bug 236956] Re: sane devices should not be managed by consolekit

Rolf Leggewie 236956 at bugs.launchpad.net
Fri Apr 12 06:09:25 UTC 2013 

Brian, are you sure?  I've ssh'd into a precise box today and cannot
access the attached scanner as an ordinary user.  Scanning being broken
for so many years and differently in every release is really
frustrating!

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to consolekit in Ubuntu.
https://bugs.launchpad.net/bugs/236956

Title:
  sane devices should not be managed by consolekit

Status in “consolekit” package in Ubuntu:
  Invalid
Status in “sane-backends” package in Ubuntu:
  Confirmed

Bug description:
  In hardy, USB scanners are managed differently than in previous
  releases of Ubuntu.

  Before hardy, there was a udev rules assigning to the "scanner" group
  all the usb devices that appeared to be scanners under comparison to
  the /etc/udev/rules.d/45-libsane.rules.

  Now, that file is no more, and the access to the usb scanners is
  controlled by HAL+Consolekit.

  The result is that only the user who is sitting at the console has
  permission to use the scanner, since the usb devices now get owned by
  root, with a special ACL allowing access to the console user.

  This is a very very wrong thing to do.

  The beauty of sane is that it can work over the network.  But with
  "hardy" it cannot anymore: there is no possibility to set up a scanner
  server.

  Saned is supposed to be run via xinetd as the saned user. But with the current setup, the saned user cannot access the scanner, since only the current console user and root can. It is not possible to tell xinetd that saned should be run as "the current console user". And in fact there might be no current console user at all.
  Nor it is possible to tell xinetd that saned should be run as root, because this is just too bad from a security point of view.

  What makes the matter worse is that putting the 45-libsane.rules from
  gutsy back in place does not help.

  So, with the current consolekit thing, sane is not sane anymore, and
  can only be run from the console (a la Twain) and not as a server.

  Please, rethink about console kit and scanners.  Consolekit is a very
  desktop-centric thing, assuming that most pluggable peripherals should
  be owned by the person at the console. But this is generally not true
  of anything that can be shared on the network. Things that can be
  shared should be independent from the console user. Please go back to
  treating scanners with a dedicated system user or group owning them.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/consolekit/+bug/236956/+subscriptions

More information about the foundations-bugs mailing list