2008-02-14 01:57:19 +00:00
|
|
|
|
<HTML>
|
|
|
|
|
<HEAD>
|
|
|
|
|
<TITLE>saned.8</TITLE>
|
|
|
|
|
</HEAD>
|
2018-03-01 14:42:35 +00:00
|
|
|
|
<BODY BGCOLOR=#FFFFFF TEXT=#000000><H1 ALIGN=CENTER><IMG SRC="../images/sane.png" HEIGHT=117 WIDTH=346></H1>
|
2008-02-14 01:57:19 +00:00
|
|
|
|
<H1>saned.8</H1>
|
|
|
|
|
<HR>
|
|
|
|
|
<PRE>
|
|
|
|
|
<!-- Manpage converted by man2html 3.0.1 -->
|
|
|
|
|
<B><A HREF="saned.8.html">saned(8)</A></B> SANE Scanner Access Now Easy <B><A HREF="saned.8.html">saned(8)</A></B>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>NAME</H2><PRE>
|
|
|
|
|
saned - SANE network daemon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>SYNOPSIS</H2><PRE>
|
2013-10-01 02:17:11 +00:00
|
|
|
|
<B>saned</B> <B>[</B> <B>-a</B> <I>[</I> <I>username</I> <I>]</I> <B>|</B> <B>-d</B> <I>[</I> <I>n</I> <I>]</I> <B>|</B> <B>-s</B> <I>[</I> <I>n</I> <I>]</I> <B>|</B> <B>-h</B> <B>]</B>
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>DESCRIPTION</H2><PRE>
|
|
|
|
|
<B>saned</B> is the SANE (Scanner Access Now Easy) daemon that allows remote
|
|
|
|
|
clients to access image acquisition devices available on the local
|
|
|
|
|
host.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>OPTIONS</H2><PRE>
|
2010-02-10 15:23:52 +00:00
|
|
|
|
The <B>-a</B> flag requests that <B>saned</B> run in standalone daemon mode. In this
|
|
|
|
|
mode, <B>saned</B> will detach from the console and run in the background,
|
|
|
|
|
listening for incoming client connections; <B>inetd</B> is not required for
|
|
|
|
|
<B>saned</B> operations in this mode. If the optional <B>username</B> is given after
|
2012-08-27 01:52:45 +00:00
|
|
|
|
<B>-a</B> , <B>saned</B> will drop root privileges and run as this user (and group).
|
2010-02-10 15:23:52 +00:00
|
|
|
|
|
2008-02-14 01:57:19 +00:00
|
|
|
|
The <B>-d</B> and <B>-s</B> flags request that <B>saned</B> run in debug mode (as opposed to
|
2013-10-01 02:17:11 +00:00
|
|
|
|
<B><A HREF="inetd.8.html">inetd(8)</A></B> daemon mode). In this mode, <B>saned</B> explicitly waits for a con‐
|
|
|
|
|
nection request. When compiled with debugging enabled, these flags may
|
|
|
|
|
be followed by a number to request debug info. The larger the number,
|
|
|
|
|
the more verbose the debug output. E.g., <B>-d128</B> will request printing
|
|
|
|
|
of all debug info. Debug level 0 means no debug output at all. The
|
|
|
|
|
default value is 2. If flag <B>-d</B> is used, the debug messages will be
|
|
|
|
|
printed to stderr while <B>-s</B> requests using syslog.
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
2013-10-01 02:17:11 +00:00
|
|
|
|
If <B>saned</B> is run from inetd, xinetd or systemd, no option can be given.
|
|
|
|
|
|
|
|
|
|
The <B>-h</B> flag displays a short help message.
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>CONFIGURATION</H2><PRE>
|
|
|
|
|
First and foremost: <B>saned</B> is not intended to be exposed to the internet
|
2012-08-27 01:52:45 +00:00
|
|
|
|
or other non-trusted networks. Make sure that access is limited by tcp‐
|
|
|
|
|
wrappers and/or a firewall setup. Don't depend only on <B>saned</B>'s own
|
|
|
|
|
authentication. Don't run <B>saned</B> as root if it's not necessary. And do
|
2008-02-14 01:57:19 +00:00
|
|
|
|
<B>not</B> install <B>saned</B> as setuid root.
|
|
|
|
|
|
2012-08-27 01:52:45 +00:00
|
|
|
|
The <I>saned.conf</I> configuration file contains both options for the daemon
|
2010-02-10 15:23:52 +00:00
|
|
|
|
and the access list.
|
|
|
|
|
|
|
|
|
|
<B>data_portrange</B> = <I>min</I><B>_</B><I>port</I> - <I>max</I><B>_</B><I>port</I>
|
2012-08-27 01:52:45 +00:00
|
|
|
|
Specify the port range to use for the data connection. Pick a
|
|
|
|
|
port range between 1024 and 65535; don't pick a too large port
|
|
|
|
|
range, as it may have performance issues. Use this option if
|
2010-02-10 15:23:52 +00:00
|
|
|
|
your <B>saned</B> server is sitting behind a firewall. If that firewall
|
2012-08-27 01:52:45 +00:00
|
|
|
|
is a Linux machine, we strongly recommend using the Netfilter
|
2010-02-10 15:23:52 +00:00
|
|
|
|
<I>nf</I><B>_</B><I>conntrack</I><B>_</B><I>sane</I> module instead.
|
|
|
|
|
|
2012-08-27 01:52:45 +00:00
|
|
|
|
The access list is a list of host names, IP addresses or IP subnets
|
|
|
|
|
(CIDR notation) that are permitted to use local SANE devices. IPv6
|
|
|
|
|
addresses must be enclosed in brackets, and should always be specified
|
|
|
|
|
in their compressed form. Connections from localhost are always permit‐
|
2010-02-10 15:23:52 +00:00
|
|
|
|
ted. Empty lines and lines starting with a hash mark (#) are ignored. A
|
2012-08-27 01:52:45 +00:00
|
|
|
|
line containing the single character ``+'' is interpreted to match any
|
|
|
|
|
hostname. This allows any remote machine to use your scanner and may
|
2010-02-10 15:23:52 +00:00
|
|
|
|
present a security risk, so this shouldn't be used unless you know what
|
|
|
|
|
you're doing.
|
|
|
|
|
|
|
|
|
|
A sample configuration file is shown below:
|
|
|
|
|
|
|
|
|
|
# Daemon options
|
|
|
|
|
data_portrange = 10000 - 10100
|
|
|
|
|
# Access list
|
2008-02-14 01:57:19 +00:00
|
|
|
|
scan-client.somedomain.firm
|
|
|
|
|
# this is a comment
|
|
|
|
|
192.168.0.1
|
|
|
|
|
192.168.2.12/29
|
|
|
|
|
[::1]
|
2012-08-27 01:52:45 +00:00
|
|
|
|
[2001:db8:185e::42:12]/64
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
2012-08-27 01:52:45 +00:00
|
|
|
|
The case of the host names does not matter, so AHost.COM is considered
|
2008-02-14 01:57:19 +00:00
|
|
|
|
identical to ahost.com.
|
|
|
|
|
|
2010-02-10 15:23:52 +00:00
|
|
|
|
|
|
|
|
|
</PRE>
|
2013-10-01 02:17:11 +00:00
|
|
|
|
<H2>SERVER DAEMON CONFIGURATION</H2><PRE>
|
2010-02-10 15:23:52 +00:00
|
|
|
|
For <B>saned</B> to work properly in its default mode of operation, it is also
|
2013-10-01 02:17:11 +00:00
|
|
|
|
necessary to add the appropriate configuration for <I>(x)inetd</I> <I>or</I> <I>systemd.</I>
|
|
|
|
|
(see below). Note that your inetd must support IPv6 if you want to
|
|
|
|
|
connect to saned over IPv6 ; xinetd, openbsd-inetd and systemd are
|
|
|
|
|
known to support IPv6, check the documentation for your inetd daemon.
|
|
|
|
|
|
|
|
|
|
In the sections below the configuration for <I>inetd,</I> <I>xinetd</I> and <I>systemd</I>
|
|
|
|
|
are described in more detail.
|
|
|
|
|
|
|
|
|
|
For the configurations below it is necessary to add a line of the fol‐
|
|
|
|
|
lowing form to <I>/etc/services</I>:
|
|
|
|
|
|
|
|
|
|
sane-port 6566/tcp # SANE network scanner daemon
|
|
|
|
|
|
|
|
|
|
The official IANA short name for port 6566 is "sane-port". The older
|
|
|
|
|
name "sane" is now deprecated.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>INETD CONFIGURATION</H2><PRE>
|
|
|
|
|
It is required to add a single line to the inetd configuration file
|
|
|
|
|
<I>(/etc/inetd.conf)</I>
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
|
|
|
|
The configuration line normally looks like this:
|
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
sane-port stream tcp nowait saned.saned /usr/local/sbin/saned
|
|
|
|
|
saned
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
However, if your system uses <B><A HREF="tcpd.8.html">tcpd(8)</A></B> for additional security screening,
|
|
|
|
|
you may want to disable saned access control by putting ``+'' in
|
|
|
|
|
<I>saned.conf</I> and use a line of the following form in <I>/etc/inetd.conf</I>
|
|
|
|
|
instead:
|
2013-10-01 02:17:11 +00:00
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
sane-port stream tcp nowait saned.saned /usr/sbin/tcpd
|
|
|
|
|
/usr/local/sbin/saned
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
Note that both examples assume that there is a <B>saned</B> group and a <B>saned</B>
|
|
|
|
|
user. If you follow this example, please make sure that the access
|
|
|
|
|
permissions on the special device are set such that <B>saned</B> can access
|
|
|
|
|
the scanner (the program generally needs read and write access to scan‐
|
|
|
|
|
ner devices).
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
|
|
|
|
|
2013-10-01 02:17:11 +00:00
|
|
|
|
</PRE>
|
|
|
|
|
<H2>XINETD CONFIGURATION</H2><PRE>
|
2017-05-22 22:39:44 +00:00
|
|
|
|
If xinetd is installed on your system instead of inetd the following
|
2013-10-01 02:17:11 +00:00
|
|
|
|
example for <I>/etc/xinetd.conf</I> may be helpful:
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
|
|
|
|
# default: off
|
|
|
|
|
# description: The sane server accepts requests
|
|
|
|
|
# for network access to a local scanner via the
|
|
|
|
|
# network.
|
|
|
|
|
service sane-port
|
|
|
|
|
{
|
|
|
|
|
port = 6566
|
|
|
|
|
socket_type = stream
|
|
|
|
|
wait = no
|
|
|
|
|
user = saned
|
|
|
|
|
group = saned
|
2017-05-22 22:39:44 +00:00
|
|
|
|
server = /usr/local/sbin/saned
|
2008-02-14 01:57:19 +00:00
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2013-10-01 02:17:11 +00:00
|
|
|
|
</PRE>
|
|
|
|
|
<H2>SYSTEMD CONFIGURATION</H2><PRE>
|
2017-05-22 22:39:44 +00:00
|
|
|
|
Saned can be compiled with explicit systemd support. This will allow
|
|
|
|
|
logging debugging information to be forwarded to the systemd journal.
|
|
|
|
|
The systemd support requires compilation with the systemd-devel package
|
|
|
|
|
installed on the system. this is the preferred option.
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
Saned can be used wih systemd without the systemd integration compiled
|
|
|
|
|
in, but then logging of debug information is not supported.
|
|
|
|
|
|
|
|
|
|
The systemd configuration is different for the 2 options, so both are
|
|
|
|
|
described below.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>Systemd configuration for saned with systemd support compiled in</H2><PRE>
|
|
|
|
|
for the systemd configuration we need to add 2 configuration files in
|
|
|
|
|
<I>/etc/systemd/system.</I>
|
|
|
|
|
|
|
|
|
|
The first file we need to add here is called <I>saned.socket.</I> It shall
|
2013-10-01 02:17:11 +00:00
|
|
|
|
have the following contents:
|
|
|
|
|
|
|
|
|
|
[Unit]
|
|
|
|
|
Description=saned incoming socket
|
|
|
|
|
|
|
|
|
|
[Socket]
|
|
|
|
|
ListenStream=6566
|
|
|
|
|
Accept=yes
|
|
|
|
|
MaxConnections=1
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
WantedBy=sockets.target
|
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
The second file to be added is <I>saned@.service</I> with the following con‐
|
2013-10-01 02:17:11 +00:00
|
|
|
|
tents:
|
|
|
|
|
|
|
|
|
|
[Unit]
|
|
|
|
|
Description=Scanner Service
|
|
|
|
|
Requires=saned.socket
|
|
|
|
|
|
|
|
|
|
[Service]
|
|
|
|
|
ExecStart=/usr/sbin/saned
|
|
|
|
|
User=saned
|
|
|
|
|
Group=saned
|
|
|
|
|
StandardInput=null
|
|
|
|
|
StandardOutput=syslog
|
|
|
|
|
StandardError=syslog
|
2017-05-22 22:39:44 +00:00
|
|
|
|
Environment=SANE_CONFIG_DIR=/usr/local/etc/sane.d
|
|
|
|
|
# If you need to debug your configuration uncomment the next line and
|
|
|
|
|
# change it as appropriate to set the desired debug options
|
|
|
|
|
# Environment=SANE_DEBUG_DLL=255 SANE_DEBUG_BJNP=5
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
Also=saned.socket
|
|
|
|
|
|
|
|
|
|
You need to set an environment variable for <B>SANE_CONFIG_DIR</B> pointing to
|
|
|
|
|
the directory where saned can find its configuration files. you will
|
|
|
|
|
have to remove the # on the last line and set the variables for the
|
|
|
|
|
desired debugging information if required. Multiple variables can be
|
|
|
|
|
set by separating the assignments by spaces as shown in the example
|
|
|
|
|
above.
|
|
|
|
|
|
|
|
|
|
Unlike <I>(x)inetd</I> , systemd allows debugging output from backends set
|
|
|
|
|
using <B>SANE_DEBUG_XXX</B> to be captured. See the man-page for your backend
|
|
|
|
|
to see what options are supported. With the service unit as described
|
|
|
|
|
above, the debugging output is forwarded to the system log.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>Systemd configuration when saned is compiled without systemd support</H2><PRE>
|
|
|
|
|
This configuration will also work when Saned is compiled WITH systemd
|
|
|
|
|
integration support, but it does not allow debugging information to be
|
|
|
|
|
logged.
|
|
|
|
|
|
|
|
|
|
for systemd configuration for saned, we need to add 2 configuration
|
|
|
|
|
files in <I>/etc/systemd/system.</I>
|
|
|
|
|
|
|
|
|
|
The first file we need to add here is called <I>saned.socket.</I> It is iden‐
|
|
|
|
|
tical to the version for systemd with the support compiled in. It
|
|
|
|
|
shall have the following contents:
|
|
|
|
|
|
|
|
|
|
[Unit]
|
|
|
|
|
Description=saned incoming socket
|
|
|
|
|
|
|
|
|
|
[Socket]
|
|
|
|
|
ListenStream=6566
|
|
|
|
|
Accept=yes
|
|
|
|
|
MaxConnections=1
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
WantedBy=sockets.target
|
|
|
|
|
|
|
|
|
|
The second file to be added is <I>saned@.service</I> This one differes from
|
|
|
|
|
the sersion with systemd integration compiled in:
|
|
|
|
|
|
|
|
|
|
[Unit]
|
|
|
|
|
Description=Scanner Service
|
|
|
|
|
Requires=saned.socket
|
2013-10-01 02:17:11 +00:00
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
[Service]
|
|
|
|
|
ExecStart=/usr/sbin/saned
|
|
|
|
|
User=saned
|
|
|
|
|
Group=saned
|
|
|
|
|
StandardInput=socket
|
2013-10-01 02:17:11 +00:00
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
Environment=SANE_CONFIG_DIR=/etc/sane.d
|
|
|
|
|
|
|
|
|
|
[Install]
|
|
|
|
|
Also=saned.socket
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>FILES</H2><PRE>
|
|
|
|
|
<I>/etc/hosts.equiv</I>
|
2013-10-01 02:17:11 +00:00
|
|
|
|
The hosts listed in this file are permitted to access all local
|
|
|
|
|
SANE devices. Caveat: this file imposes serious security risks
|
2008-02-14 01:57:19 +00:00
|
|
|
|
and its use is not recommended.
|
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
<I>/usr/local/etc/sane.d/saned.conf</I>
|
2013-10-01 02:17:11 +00:00
|
|
|
|
Contains a list of hosts permitted to access local SANE devices
|
2008-02-14 01:57:19 +00:00
|
|
|
|
(see also description of <B>SANE_CONFIG_DIR</B> below).
|
|
|
|
|
|
2017-05-22 22:39:44 +00:00
|
|
|
|
<I>/usr/local/etc/sane.d/saned.users</I>
|
2008-02-14 01:57:19 +00:00
|
|
|
|
If this file contains lines of the form
|
|
|
|
|
|
|
|
|
|
user:password:backend
|
|
|
|
|
|
2013-10-01 02:17:11 +00:00
|
|
|
|
access to the listed backends is restricted. A backend may be
|
|
|
|
|
listed multiple times for different user/password combinations.
|
2010-02-10 15:23:52 +00:00
|
|
|
|
The server uses MD5 hashing if supported by the client.
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>ENVIRONMENT</H2><PRE>
|
|
|
|
|
<B>SANE_CONFIG_DIR</B>
|
|
|
|
|
This environment variable specifies the list of directories that
|
|
|
|
|
may contain the configuration file. Under UNIX, the directories
|
2013-10-01 02:17:11 +00:00
|
|
|
|
are separated by a colon (`:'), under OS/2, they are separated
|
2012-08-27 01:52:45 +00:00
|
|
|
|
by a semi-colon (`;'). If this variable is not set, the config‐
|
2013-10-01 02:17:11 +00:00
|
|
|
|
uration file is searched in two default directories: first, the
|
2017-05-22 22:39:44 +00:00
|
|
|
|
current working directory (".") and then in
|
|
|
|
|
/usr/local/etc/sane.d. If the value of the environment variable
|
|
|
|
|
ends with the directory separator character, then the default
|
|
|
|
|
directories are searched after the explicitly specified directo‐
|
|
|
|
|
ries. For example, setting <B>SANE_CONFIG_DIR</B> to "/tmp/config:"
|
|
|
|
|
would result in directories "tmp/config", ".", and
|
|
|
|
|
"/usr/local/etc/sane.d" being searched (in this order).
|
2008-02-14 01:57:19 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>SEE ALSO</H2><PRE>
|
2010-02-10 15:23:52 +00:00
|
|
|
|
<B><A HREF="sane.7.html">sane(7)</A></B>, <B><A HREF="scanimage.1.html">scanimage(1)</A></B>, <B><A HREF="xscanimage.1.html">xscanimage(1)</A></B>, <B><A HREF="xcam.1.html">xcam(1)</A></B>, <B><A HREF="sane-dll.5.html">sane-dll(5)</A></B>,
|
|
|
|
|
<B><A HREF="sane-net.5.html">sane-net(5)</A></B>, <B>sane-"backendname"</B>(5)
|
2008-02-14 01:57:19 +00:00
|
|
|
|
<I>http://www.penguin-breeder.org/?page=sane-net</I>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
</PRE>
|
|
|
|
|
<H2>AUTHOR</H2><PRE>
|
|
|
|
|
David Mosberger
|
|
|
|
|
|
2010-02-10 15:23:52 +00:00
|
|
|
|
20 Apr 2009 <B><A HREF="saned.8.html">saned(8)</A></B>
|
2008-02-14 01:57:19 +00:00
|
|
|
|
</PRE>
|
|
|
|
|
<HR>
|
|
|
|
|
<ADDRESS>
|
|
|
|
|
Man(1) output converted with
|
|
|
|
|
<a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a>
|
|
|
|
|
</ADDRESS>
|
|
|
|
|
</BODY>
|
|
|
|
|
</HTML>
|