Ask Your Question

saned in root ???

asked 2018-03-09 17:21:57 -0500

toddandmargo gravatar image

updated 2018-03-10 14:31:48 -0500

Hi All,

Okay, now this is "scary".

Both xsane and Simple Scan work locally.

I can not get saned to work, UNLESS, I edit /etc/group and add the following to root


Without it, I get

$ xsane net:localhost:epkowa:interpreter:001:007
Access to resource has been denied

Now what am I doing wrong? Must saned have root privileges?

What are the security ramifications of doing this?

Many thanks, -T

Extra info:

I just caught this:

$ ps -eo pid,user,group,args --sort user | grep cups
 5005 root     root     /usr/sbin/cupsd -l

CUPS "is" running as root. So is it okay to add saned to root's group?

Response to Thomas Wood that will not fit in the comment's post:

$ scanimage -L
device `epkowa:interpreter:001:007' is a Epson Perfection V300 flatbed scanner

$ lsusb -s 001:007
Bus 001 Device 007: ID 04b8:0131 Seiko Epson Corp. GT-F720 [GT-S620/Perfection V30/V300 Photo]

$ ls -l /dev/bus/usb/001/007
crw-rw-r--+ 1 root root 189, 6 Mar 10 12:03 /dev/bus/usb/001/007

$ ls -l /usr/lib/udev/rules.d | grep -i sane
-rw-r--r--. 1 root root   3934 Mar  9 12:21 65-sane-backends.rules

$ grep lp /etc/group

The following temporarily fixes the issue (saned removed from root and a test to verify xsane net:localhost crashes before throwing the following):

   # chown saned.saned ls -l /dev/bus/usb/001/007

But the scanner does not always mount on 001:007. Power it off and back on and it mounts on 001:008, etc.. and the chown has to be rethrown every reboot.

edit retag flag offensive close merge delete


Check the permissions on the the device of your scanner connected in /dev/. Look at the groups of the device and it might be sufficient to add the saned user to the lp group. Depending on the group that is assigned to the device and the access rights.

thomaswood gravatar imagethomaswood ( 2018-03-10 08:32:22 -0500 )edit

See my extra info in the original question

toddandmargo gravatar imagetoddandmargo ( 2018-03-10 14:28:15 -0500 )edit

2 Answers

Sort by ยป oldest newest most voted

answered 2018-03-10 15:05:42 -0500

toddandmargo gravatar image

updated 2018-03-10 15:31:27 -0500

Followup: To correct this, add

# /usr/lib/udev/rules.d/70-saned.rules
ACTION=="add", ENV{libsane_matched}=="yes", GROUP="saned", MODE="0660"



I just opened

to fix this.

I have been troubleshooting this since November <editorial comment=""> AAAAAAHHHHHHHHHHHHHHHHHHHHH!!!!! </editorial>

Note: you have to reboot to get this to take:

$ scanimage -L device epkowa:interpreter:001:003' is a Epson Perfection V300 flatbed scanner devicenet:localhost:epkowa:interpreter:001:003' is a Epson Perfection V300 flatbed scanner

$ xsane net:localhost worked

Unplugging and replugging the scanner: $ scanimage -L device epkowa:interpreter:001:008' is a Epson Perfection V300 flatbed scanner devicenet:localhost:epkowa:interpreter:001:008' is a Epson Perfection V300 flatbed scanner

$ xsane net:localhost worked


A fun command:

# rpm -qf /usr/lib/udev/rules.d/65-sane-backends.rules
edit flag offensive delete link more

answered 2018-03-10 08:40:28 -0500

fcomida gravatar image

Do your homework first. Read the docs, you will discover there is a systemd service for starting saned and probably a selinux policy for securing it. I don't know and I don't care since I don't use it.

edit flag offensive delete link more


I have been reading the docs since November. What an unhelpful answer.

toddandmargo gravatar imagetoddandmargo ( 2018-03-10 14:26:12 -0500 )edit

Well if you do not provide context to your I understand there is a bug somewhere in the chain of programs (systemd,udev) and configuration files that should, at the end, bring saned up and running correctly.

fcomida gravatar imagefcomida ( 2018-03-10 17:08:21 -0500 )edit

Question Tools

1 follower


Asked: 2018-03-09 17:21:57 -0500

Seen: 175 times

Last updated: Mar 10 '18