HP 6200 scanner on USB not working as user
I configured this scanner in YaST, and can use it through USB as root. But I can't use it as a user. Thanks to the other recent thread about scanning, I did this: enterprise:/etc/sane.d #SANE_DEBUG_DLL=3 scanimage -L [sanei_debug] Setting debug level of dll to 9. [dll] sane_init: SANE dll backend version 1.0.8 from sane-backends 1.0.11 [dll] add_backend: adding backend `hp' [dll] load: searching backend `hp' in `/usr/lib/sane' [dll] load: trying to load `/usr/lib/sane/libsane-hp.so.1' [dll] load: dlopen()ing `/usr/lib/sane/libsane-hp.so.1' [dll] init: initializing backend `hp' [dll] init: backend `hp' is version 1.0.8 device `hp:libusb:001:002' is a Hewlett-Packard ScanJet 62x0C flatbed scanner [dll] sane_exit: exiting [dll] sane_exit: calling backend `hp's exit function [dll] sane_exit: finished As the user, though, I get: david@enterprise:~> SANE_DEBUG_DLL=9 scanimage -L [sanei_debug] Setting debug level of dll to 9. [dll] sane_init: SANE dll backend version 1.0.8 from sane-backends 1.0.11 [dll] add_backend: adding backend `hp' [dll] load: searching backend `hp' in `/usr/lib/sane' [dll] load: trying to load `/usr/lib/sane/libsane-hp.so.1' [dll] load: dlopen()ing `/usr/lib/sane/libsane-hp.so.1' [dll] init: initializing backend `hp' [dll] init: backend `hp' is version 1.0.8 No scanners were identified. If you were expecting something different, check that the scanner is plugged in, turned on and detected by the sane-find-scanner tool (if appropriate). Please read the documentation which came with this software (README, FAQ, manpages). [dll] sane_exit: exiting [dll] sane_exit: calling backend `hp's exit function [dll] sane_exit: finished The problem obviously lies in the permissions, but I have no idea what permissions to set on the device "hp:libusb:001:002" so that a normal user can operate the scanner. I tried using `lsof' while scanning as root, but I don't even seen any devices in the list. (I don't know much about lsof, so I may not be using the right flags.) Can anyone tell me how to setup a "libusb" scanner for regular users? Thanks, dk
<snip>
Can anyone tell me how to setup a "libusb" scanner for regular users?
Thanks, dk
Look at the hp.conf file in the /etc/sane.d/ directory and see what device the scanner is attached to. It should be the one that is not commented out. That is weird though, I set my scanner up in Yast2 and it had the correct permissions for a user when it was done configuring. I guess that YMMV.
On Tue, 2003-05-27 at 05:49, Marshall Heartley wrote:
Look at the hp.conf file in the /etc/sane.d/ directory and see what device the scanner is attached to. It should be the one that is not commented out.
Aha! Now we're getting somewhere. The device called out in that file is /dev/scanner, but I don't have a /dev/scanner. I figure this is supposed to be a symlink to a real device, but I have no idea what it should be. Again, I couldn't even tell from lsof what device was actually in use when root performed a scan. dk
Aha! Now we're getting somewhere. The device called out in that file is /dev/scanner, but I don't have a /dev/scanner. I figure this is supposed to be a symlink to a real device, but I have no idea what it should be. Again, I couldn't even tell from lsof what device was actually in use when root performed a scan.
Hmmm... if this is a usb scanner, it should be pointing to a usbscanner device. Mine is pointing to /dev/usbscanner or /dev/usb/scanner0. Id this where it shows up when you execute the sane-find-scanner command? Or something similar? -- Marshall "Nothing is impossible, we just do not have all the anwsers to make the impossible, possible."
On Tue, 2003-05-27 at 08:38, Marshall Heartley wrote:
Hmmm... if this is a usb scanner, it should be pointing to a usbscanner device. Mine is pointing to /dev/usbscanner or /dev/usb/scanner0. Id this where it shows up when you execute the sane-find-scanner command? Or something similar?
This is what I get, as both root and my user account: found USB scanner (vendor=0x03f0, product=0x0201) at libusb:001:002 I tried changing the device in /etc/sane.d/hp.conf to /dev/usb/scanner0, but that didn't work. Somehow, this is bundled up in the whole "libusb" thing, and I can't figure out what actual device in /dev is being used. Very frustrating! dk
On 05/28/2003 09:00 AM, David Krider wrote:
This is what I get, as both root and my user account:
found USB scanner (vendor=0x03f0, product=0x0201) at libusb:001:002
I tried changing the device in /etc/sane.d/hp.conf to /dev/usb/scanner0, but that didn't work. Somehow, this is bundled up in the whole "libusb" thing, and I can't figure out what actual device in /dev is being used.
What does hwscan --scanner give you? It should at least give you an idea of the device. -- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Web Address: http://www.mydestiny.net/~joe_morris Registered Linux user 231871 God said, I AM that I AM. I say, by the grace of God, I am what I am.
On Tue, 2003-05-27 at 20:42, Joe Morris (NTM) wrote:
What does hwscan --scanner give you? It should at least give you an idea of the device.
Hrm. This is interesting. YaST sees the scanner (and says it's connected to "Net (libusb), but `hwscan --scanner' gives nothing. If I do a `hwscan --list', I see a line like the following: B3Fu.DEMiWoyAA_B: (cfg=yes, avail=yes, need=no) scanner Hewlett-Packard HP ScanJet 6200C Curiouser and curiouser. Thanks for taking a look at this everyone. I'm really lost now. dk
* David Krider
On Tue, 2003-05-27 at 20:42, Joe Morris (NTM) wrote:
What does hwscan --scanner give you? It should at least give you an idea of the device.
Hrm. This is interesting. YaST sees the scanner (and says it's connected to "Net (libusb), but `hwscan --scanner' gives nothing. If I do a `hwscan --list', I see a line like the following:
B3Fu.DEMiWoyAA_B: (cfg=yes, avail=yes, need=no) scanner Hewlett-Packard HP ScanJet 6200C
What does usbview show ?? -- Patrick Shanahan Please avoid TOFU and trim >quotes< http://wahoo.no-ip.org Registered Linux User #207535 icq#173753138 @ http://counter.li.org Linux, a continuous *learning* experience
On Tue, 2003-05-27 at 21:52, Patrick Shanahan wrote:
What does usbview show ??
Since attachments are verboten on the list, I'll just have to say that it shows my scanner. It's correctly identified, but it is listed in red. Does this mean something? I suspect it means that there is no driver for that device, but what I'm reading about libusb says that I don't need one. I'm so confused. Root can use it, so it's obviously not in need of a driver. dk
On my NT server, I never leave the admin account named Administrator. As that seems to be the first thing people always try to mess with. So I usually have it named something very obscure. Is there a way to do that with root in Linux? So that I don't even have an account named root. I'd like to be able to just change it's name if possible. Thanks, -Trey
* Trey (urlik.skarsol@gte.net) [030528 11:25]:
On my NT server, I never leave the admin account named Administrator. As that seems to be the first thing people always try to mess with. So I usually have it named something very obscure.
That doesn't buy you anything but yes, you can change the name to whatever you want. See vipw(8). -- -ckm
On Wednesday 28 May 2003 10:39, Trey wrote:
On my NT server, I never leave the admin account named Administrator. As that seems to be the first thing people always try to mess with. So I usually have it named something very obscure.
I would have thought that someone who uses linux would already know that security through obscurity is a fiction that only microsoft believes anymore. -- _____________________________________ John Andersen
On my NT server, I never leave the admin account named Administrator.
As that seems to be the first thing people always try to mess with. So I usually have it named something very obscure.
I would have thought that someone who uses linux would already know that security through obscurity is a fiction that only microsoft believes anymore.
I would actually disagree. Security through obscurity works. Consider the example given. If a cracker does not know the administrator account name, nor the account name of any other user on the system, and he/she does not have physical access to the machine, how much more difficult is it for them to gain access to the machine than if they knew the admin account was simply names "administrator"? Probably difficult enough for them to give up and crack someone else's box instead. An alternate solution, and probably equally effective, for *nix is to prevent the root user from being able to login remotely. Instead, require a normal user login and a su to root. The helps immensely in tracking down who did what and when - especially if your logging is configured properly. -- John LeMay KC2KTH Senior Enterprise Consultant NJMC | http://www.njmc.com | Phone 732-557-4848 Specializing in Microsoft and Unix based solutions
On Thu, 2003-05-29 at 08:12, John LeMay wrote:
On my NT server, I never leave the admin account named Administrator.
As that seems to be the first thing people always try to mess with. So I usually have it named something very obscure.
I would have thought that someone who uses linux would already know that security through obscurity is a fiction that only microsoft believes anymore.
I would actually disagree. Security through obscurity works. Consider the example given. If a cracker does not know the administrator account name, nor the account name of any other user on the system, and he/she does not have physical access to the machine, how much more difficult is it for them to gain access to the machine than if they knew the admin account was simply names "administrator"? Probably difficult enough for them to give up and crack someone else's box instead.
As you might know, there are several *very easy* ways to enumerate user names on a remote NT machine. This, of course, includes the admin account name - regardless of it being renamed or not. If one knows these ways, and real crackers do, then there's no any difference regarding difficulty - whether the admin name is default or it was renamed. By renaming admin you really hide very little - practically nothing. It might work against most ignorant attackers only - this is often the case with security through obscurity. The proper way would be to take a number of preventive measures against these enumeration techniques, which is another story... something that has nothing to do with obscurity, but with real security job. Sincerely, cikasole
On Thursday 29 May 2003 00:31, Radule Soskic wrote:
The proper way would be to take a number of preventive measures against these enumeration techniques, which is another story... something that has nothing to do with obscurity, but with real security job.
heh,,, Like running a linux firewall infront of every NT box. ;-) -- _____________________________________ John Andersen
** Reply to message from David Krider
** Reply to message from David Krider
On Tue, 2003-05-27 at 22:29, Ed Harrison wrote:
This is the scanner I have. Since sane-find-scanner can see it, you are almost home.
I tried all these changes (including the hpusbscsi module), but it still won't work for the user. The hard part for me to understand about making these changes is that root can use it, so the config ought to have been right to begin with. I figure there was no harm in trying, though. It's still back to the fact that the scanner, an HP 6200C running on USB, can be used by root, but not by a user. As someone else pointed out, that's got to mean it's a permissions problem. But what file do I change the permissions on so that a normal user can access "hp:libusb:001:002"? Thanks everyone so far... dk
On 05/29/2003 07:37 PM, David Krider wrote:
It's still back to the fact that the scanner, an HP 6200C running on USB, can be used by root, but not by a user. As someone else pointed out, that's got to mean it's a permissions problem. But what file do I change the permissions on so that a normal user can access "hp:libusb:001:002"?
Check /etc/resmgr.conf. I don't know if you boot into KDM or console, but you might also need to add pam.resmgr.so to /etc/pam.d/login so resmgr also works from a console boot. This program (resource manager) sets permissions on devices when you login. That should do what you want. -- Joe Morris New Tribes Mission Email Address: Joe_Morris@ntm.org Web Address: http://www.mydestiny.net/~joe_morris Registered Linux user 231871 God said, I AM that I AM. I say, by the grace of God, I am what I am.
On Thu, 2003-05-29 at 08:26, Joe Morris (NTM) wrote:
Check /etc/resmgr.conf. I don't know if you boot into KDM or console, but you might also need to add pam.resmgr.so to /etc/pam.d/login so resmgr also works from a console boot. This program (resource manager) sets permissions on devices when you login. That should do what you want.
I use KDE. Well, I'm not at my machine right now, but I did notice that my user owns all the /dev/usb/scanner? entries, so I think this is working. My question keeps coming back to: How do I determine which file system /dev device is related to "hp:libusb:001:002"? Thanks for your continuing help, dk
participants (10)
-
Christopher Mahmood -
David Krider -
Ed Harrison -
Joe Morris (NTM) -
John Andersen -
John LeMay -
Marshall Heartley -
Patrick Shanahan -
Radule Soskic -
Trey