kopia lustrzana https://gitlab.com/sane-project/website
182 wiersze
7.6 KiB
HTML
182 wiersze
7.6 KiB
HTML
<HTML>
|
|
<HEAD>
|
|
<TITLE>saned.1</TITLE>
|
|
</HEAD>
|
|
<BODY BGCOLOR=#FFFFFF TEXT=#000000><H1 ALIGN=CENTER><IMG SRC="../sane.png" HEIGHT=117 WIDTH=346></H1>
|
|
<H1>saned.1</H1>
|
|
<HR>
|
|
<PRE>
|
|
<!-- Manpage converted by man2html 3.0.1 -->
|
|
<B><A HREF="saned.1.html">saned(1)</A></B> SANE Scanner Access Now Easy <B><A HREF="saned.1.html">saned(1)</A></B>
|
|
|
|
|
|
</PRE>
|
|
<H2>NAME</H2><PRE>
|
|
saned - SANE network daemon
|
|
|
|
|
|
</PRE>
|
|
<H2>SYNOPSIS</H2><PRE>
|
|
<B>saned</B> [<B>-d</B>|<B>-s</B> [<I>n</I>]]
|
|
|
|
|
|
</PRE>
|
|
<H2>DESCRIPTION</H2><PRE>
|
|
<B>saned</B> is the SANE (Scanner Access Now Easy) daemon that allows remote
|
|
clients to access image acquisition devices available on the local
|
|
host.
|
|
|
|
|
|
</PRE>
|
|
<H2>OPTIONS</H2><PRE>
|
|
The <B>-d</B> and <B>-s</B> flags request that <B>saned</B> run in debug mode (as opposed to
|
|
<B><A HREF="inetd.8.html">inetd(8)</A></B> mode). In this mode, <B>saned</B> explicitly waits for a connection
|
|
request. When compiled with debugging enabled, these flags may be fol-
|
|
lowed by a number to request debug info. The larger the number, the
|
|
more verbose the debug output. E.g., <B>-d128</B> will request printing of
|
|
all debug info. Debug level 0 means no debug output at all. The default
|
|
value is 2. If flag <B>-d</B> is used, the debug messages will be printed to
|
|
stderr while <B>-s</B> requests using syslog.
|
|
|
|
If <B>saned</B> is run from inetd or xinetd, no option can be given.
|
|
|
|
|
|
</PRE>
|
|
<H2>CONFIGURATION</H2><PRE>
|
|
First and foremost: <B>saned</B> is not intended to be exposed to the internet
|
|
or other non-trusted networks. Make sure that access is limited by tcp-
|
|
wrappers and/or a firewall setup. Don't depend only on <B>saned</B>'s own
|
|
authentification. Don't run <B>saned</B> as root if it's not necessary. And do
|
|
<B>not</B> install <B>saned</B> as setuid root.
|
|
|
|
The contents of the <I>saned.conf</I> file is a list of host names or IP
|
|
addresses that are permitted to use local SANE devices. Connections
|
|
from localhost are always permitted. Empty lines and lines starting
|
|
with a hash mark (#) are ignored. A line containing the single charac-
|
|
ter ``+'' is interpreted to match any hostname. This allows any remote
|
|
machine to use your scanner and may present a security risk, so this
|
|
shouldn't be used unless you know what you're doing. A sample configu-
|
|
ration file is shown below:
|
|
|
|
scan-client.somedomain.firm
|
|
# this is a comment
|
|
192.168.0.1
|
|
::1
|
|
|
|
The case of the host names does not matter, so AHost.COM is considered
|
|
identical to ahost.com. IPv6 addresses should always be specified in
|
|
their compressed form.
|
|
|
|
For <B>saned</B> to work properly, it is also necessary to add a configuration
|
|
line to <I>/etc/inetd.conf</I>. Note that your inetd must support IPv6 if you
|
|
want to connect to saned over IPv6 ; xinetd and openbsd-inetd are known
|
|
to support IPv6, check the documentation for your inetd daemon.
|
|
|
|
The configuration line normally looks like this:
|
|
|
|
sane stream tcp nowait saned.saned /usr/local/sbin/saned saned
|
|
|
|
However, if your system uses <B><A HREF="tcpd.8.html">tcpd(8)</A></B> for additional security screening,
|
|
you may want to disable saned access control by putting ``+'' in
|
|
<I>saned.conf</I> and use a line of the following form in <I>/etc/inetd.conf</I>
|
|
instead:
|
|
|
|
sane stream tcp nowait saned.saned /usr/sbin/tcpd
|
|
/usr/local/sbin/saned
|
|
|
|
Note that both examples assume that there is a <B>saned</B> group and a <B>saned</B>
|
|
user. If you follow this example, please make sure that the access
|
|
permissions on the special device are set such that <B>saned</B> can access
|
|
the scanner (the program generally needs read and write access to scan-
|
|
ner devices).
|
|
|
|
If xinetd is installed on your system instead of inetd the following
|
|
example for xinetd.conf may be helpful:
|
|
|
|
# default: off
|
|
# description: The sane server accepts requests
|
|
# for network access to a local scanner via the
|
|
# network.
|
|
service sane
|
|
{
|
|
port = 6566
|
|
socket_type = stream
|
|
wait = no
|
|
user = saned
|
|
group = saned
|
|
server = /usr/local/sbin/saned
|
|
}
|
|
|
|
Finally, it is also necessary to add a line of the following form to
|
|
<I>/etc/services</I>:
|
|
|
|
sane 6566/tcp # SANE network scanner daemon
|
|
|
|
|
|
</PRE>
|
|
<H2>RESTRICTIONS</H2><PRE>
|
|
In addition to the control connection (port 6566) saned also uses a
|
|
data connection. The port of this socket is selected by the operating
|
|
system and can't be specified by the user currently. This may be a
|
|
problem if the connection must go through a firewall (packet filter).
|
|
|
|
|
|
</PRE>
|
|
<H2>FILES</H2><PRE>
|
|
<I>/etc/hosts.equiv</I>
|
|
The hosts listed in this file are permitted to access all local
|
|
SANE devices. Caveat: this file imposes serious security risks
|
|
and its use is not recommended.
|
|
|
|
<I>/usr/local/etc/sane.d/saned.conf</I>
|
|
Contains a list of hosts permitted to access local SANE devices
|
|
(see also description of <B>SANE_CONFIG_DIR</B> below).
|
|
|
|
<I>/usr/local/etc/sane.d/saned.users</I>
|
|
If this file contains lines of the form
|
|
|
|
user:password:backend
|
|
|
|
access to the listed backends is restricted. A backend may be
|
|
listed multiple times for different user/password combinations.
|
|
The server uses MD5 encryption if supported by the client.
|
|
|
|
|
|
</PRE>
|
|
<H2>ENVIRONMENT</H2><PRE>
|
|
<B>SANE_CONFIG_DIR</B>
|
|
This environment variable specifies the list of directories that
|
|
may contain the configuration file. Under UNIX, the directories
|
|
are separated by a colon (`:'), under OS/2, they are separated
|
|
by a semi-colon (`;'). If this variable is not set, the config-
|
|
uration file is searched in two default directories: first, the
|
|
current working directory (".") and then in
|
|
/usr/local/etc/sane.d. If the value of the environment variable
|
|
ends with the directory separator character, then the default
|
|
directories are searched after the explicitly specified directo-
|
|
ries. For example, setting <B>SANE_CONFIG_DIR</B> to "/tmp/config:"
|
|
would result in directories "tmp/config", ".", and
|
|
"/usr/local/etc/sane.d" being searched (in this order).
|
|
|
|
|
|
</PRE>
|
|
<H2>SEE ALSO</H2><PRE>
|
|
<B><A HREF="sane.7.html">sane(7)</A></B>, <B><A HREF="scanimage.1.html">scanimage(1)</A></B>, <B><A HREF="xscanimage.1.html">xscanimage(1)</A></B>, <B><A HREF="xcam.1.html">xcam(1)</A></B>, <B><A HREF="sane-dll.5.html">sane-dll(5)</A></B>, <B>sane-</B>
|
|
<B><A HREF="net.5.html">net(5)</A></B>, <B>sane-"backendname"</B>(5)
|
|
<I>http://www.penguin-breeder.org/?page=sane-net</I>
|
|
|
|
|
|
</PRE>
|
|
<H2>AUTHOR</H2><PRE>
|
|
David Mosberger
|
|
|
|
sane-backends 1.0.12-cvs 9 Feb 2003 <B><A HREF="saned.1.html">saned(1)</A></B>
|
|
</PRE>
|
|
<HR>
|
|
<ADDRESS>
|
|
Man(1) output converted with
|
|
<a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a>
|
|
</ADDRESS>
|
|
</BODY>
|
|
</HTML>
|