<HTML>
<HEAD>
<TITLE>saned.1</TITLE>
</HEAD>
<BODY BGCOLOR=#FFFFFF TEXT=#000000><H1 ALIGN=CENTER><IMG SRC="../sane.png" HEIGHT=117 WIDTH=346></H1>
<H1>saned.1</H1>
<HR>
<PRE>
<!-- Manpage converted by man2html 3.0.1 -->
<B><A HREF="saned.1.html">saned(1)</A></B> SANE Scanner Access Now Easy <B><A HREF="saned.1.html">saned(1)</A></B>
</PRE>
<H2>NAME</H2><PRE>
saned - SANE network daemon
</PRE>
<H2>SYNOPSIS</H2><PRE>
<B>saned</B> [<B>-d</B>|<B>-s</B> [<I>n</I>]]
</PRE>
<H2>DESCRIPTION</H2><PRE>
<B>saned</B> is the SANE (Scanner Access Now Easy) daemon that allows remote
clients to access image acquisition devices available on the local
host.
</PRE>
<H2>OPTIONS</H2><PRE>
The <B>-d</B> and <B>-s</B> flags request that <B>saned</B> run in debug mode (as opposed to
<B><A HREF="inetd.8.html">inetd(8)</A></B> mode). In this mode, <B>saned</B> explicitly waits for a connection
request. When compiled with debugging enabled, these flags may be
followed by a number to request debug info. The larger the number, the
more verbose the debug output. E.g., <B>-d128</B> will request printing of
all debug info. Debug level 0 means no debug output at all. The default
value is 2. If flag <B>-d</B> is used, the debug messages will be printed to
stderr while <B>-s</B> requests using syslog.
If <B>saned</B> is run from inetd or xinetd, no option can be given.
</PRE>
<H2>CONFIGURATION</H2><PRE>
First and foremost: <B>saned</B> is not intended to be exposed to the internet
or other non-trusted networks. Make sure that access is limited by
tcpwrappers and/or a firewall setup. Don't depend only on <B>saned</B>'s own
authentication. Don't run <B>saned</B> as root if it's not necessary. And do
<B>not</B> install <B>saned</B> as setuid root.

The <I>saned.conf</I> file contains a list of host names or IP
addresses that are permitted to use local SANE devices. Connections
from localhost are always permitted. Empty lines and lines starting
with a hash mark (#) are ignored. A line containing the single
character "+" is interpreted to match any hostname. This allows any remote
machine to use your scanner and may present a security risk, so this
shouldn't be used unless you know what you're doing. A sample
configuration file is shown below:

       scan-client.somedomain.firm
       # this is a comment
       192.168.0.1
       ::1

The case of the host names does not matter, so AHost.COM is considered
identical to ahost.com. IPv6 addresses should always be specified in
their compressed form.

For <B>saned</B> to work properly, it is also necessary to add a configuration
line to <I>/etc/inetd.conf</I>. Note that your inetd must support IPv6 if you
want to connect to saned over IPv6; xinetd and openbsd-inetd are known
to support IPv6. Check the documentation for your inetd daemon.

The configuration line normally looks like this:

       sane stream tcp nowait saned.saned /usr/local/sbin/saned saned

However, if your system uses <B><A HREF="tcpd.8.html">tcpd(8)</A></B> for additional security screening,
you may want to disable saned access control by putting "+" in
<I>saned.conf</I> and use a line of the following form in <I>/etc/inetd.conf</I>
instead:

       sane stream tcp nowait saned.saned /usr/sbin/tcpd /usr/local/sbin/saned

Note that both examples assume that there is a <B>saned</B> group and a <B>saned</B>
user. If you follow this example, please make sure that the access
permissions on the special device are set such that <B>saned</B> can access
the scanner (the program generally needs read and write access to
scanner devices).

If xinetd is installed on your system instead of inetd, the following
example for xinetd.conf may be helpful:

       # default: off
       # description: The sane server accepts requests
       # for network access to a local scanner via the
       # network.
       service sane
       {
          port        = 6566
          socket_type = stream
          wait        = no
          user        = saned
          group       = saned
          server      = /usr/local/sbin/saned
       }

Finally, it is also necessary to add a line of the following form to
<I>/etc/services</I>:

       sane 6566/tcp # SANE network scanner daemon
</PRE>
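<P>The <I>saned.conf</I> rules described above, as an added example that is not part of the SANE distribution: a small Python audit that flags the "+" wildcard, uncompressed IPv6 addresses and host names repeated in a different case. The function name <I>audit_saned_conf</I> and the sample file are constructed for illustration, and only the rules stated on this page are implemented.</P>

```python
import ipaddress

# Constructed sample: the man page's own example plus risky or redundant lines.
SAMPLE_CONF = """\
scan-client.somedomain.firm
# this is a comment
192.168.0.1
::1

AHost.COM
ahost.com
+
0:0:0:0:0:0:0:1
"""

def audit_saned_conf(text):
    """Return (allowed, findings) for saned.conf content.

    allowed  -- sorted list of normalised entries (host names lower-cased)
    findings -- list of (line_number, message) worth a reviewer's attention
    """
    allowed, findings = set(), []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith("#"):
            continue  # empty lines and comment lines are ignored
        if entry == "+":
            findings.append((lineno, "'+' lets any remote host connect"))
            continue
        try:
            addr = ipaddress.ip_address(entry)
        except ValueError:
            name = entry.lower()  # host name case does not matter
            if name in allowed:
                findings.append((lineno, f"duplicate host name {name}"))
            allowed.add(name)
            continue
        if addr.version == 6 and entry.lower() != addr.compressed:
            findings.append((lineno, f"IPv6 not compressed, use {addr.compressed}"))
        allowed.add(addr.compressed)
    return sorted(allowed), findings

if __name__ == "__main__":
    hosts, issues = audit_saned_conf(SAMPLE_CONF)
    print("allowed:", hosts)
    for lineno, msg in issues:
        print(f"line {lineno}: {msg}")
```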
<H2>RESTRICTIONS</H2><PRE>
In addition to the control connection (port 6566) saned also uses a
data connection. The port of this socket is selected by the operating
system and can't be specified by the user currently. This may be a
problem if the connection must go through a firewall (packet filter).
</PRE>
<H2>FILES</H2><PRE>
<I>/etc/hosts.equiv</I>
       The hosts listed in this file are permitted to access all local
       SANE devices. Caveat: this file imposes serious security risks
       and its use is not recommended.

<I>/usr/local/etc/sane.d/saned.conf</I>
       Contains a list of hosts permitted to access local SANE devices
       (see also description of <B>SANE_CONFIG_DIR</B> below).

<I>/usr/local/etc/sane.d/saned.users</I>
       If this file contains lines of the form

              user:password:backend

       access to the listed backends is restricted. A backend may be
       listed multiple times for different user/password combinations.
       The server uses MD5 encryption if supported by the client.
</PRE>
<H2>ENVIRONMENT</H2><PRE>
<B>SANE_CONFIG_DIR</B>
       This environment variable specifies the list of directories that
       may contain the configuration file. Under UNIX, the directories
       are separated by a colon (":"); under OS/2, they are separated
       by a semicolon (";"). If this variable is not set, the
       configuration file is searched in two default directories: first, the
       current working directory (".") and then in
       /usr/local/etc/sane.d. If the value of the environment variable
       ends with the directory separator character, then the default
       directories are searched after the explicitly specified
       directories. For example, setting <B>SANE_CONFIG_DIR</B> to "/tmp/config:"
       would result in directories "/tmp/config", ".", and
       "/usr/local/etc/sane.d" being searched (in this order).
</PRE>
<H2>SEE ALSO</H2><PRE>
<B><A HREF="sane.7.html">sane(7)</A></B>, <B><A HREF="scanimage.1.html">scanimage(1)</A></B>, <B><A HREF="xscanimage.1.html">xscanimage(1)</A></B>, <B><A HREF="xcam.1.html">xcam(1)</A></B>, <B><A HREF="sane-dll.5.html">sane-dll(5)</A></B>,
<B>sane-</B><B><A HREF="net.5.html">net(5)</A></B>, <B>sane-"backendname"</B>(5)
<I>http://www.penguin-breeder.org/?page=sane-net</I>
</PRE>
<H2>AUTHOR</H2><PRE>
David Mosberger
sane-backends 1.0.12-cvs 9 Feb 2003 <B><A HREF="saned.1.html">saned(1)</A></B>
</PRE>
<HR>
<ADDRESS>
Man(1) output converted with
<a href="http://www.oac.uci.edu/indiv/ehood/man2html.html">man2html</a>
</ADDRESS>
</BODY>
</HTML>