Hello, On Feb 25 12:12 m. allan noah wrote (shortened): > ... i personally dont have much problem with users being able > to plug scanner into machine and make it > work without root permissions ...
Admins don't like it when normal users can plug in whatever hardware and make it work. Admins want to be able to define what the normal users are allowed to do and what not. But it is perfect when - as Oliver said - there is a SANE admin authentication in the frontend (like the CUPS admin authentication for http://localhost:631/admin) and root can define who is a SANE admin (by default it is only root but root can add any user to be a SANE admin). I had this discussion regarding printers ("any user should be able to plug in a printer and make it work"), a quote from a mail: ------------------------------------------------------------------------ See for example http://www.cups.org/str.php?L790 what is possible (of course for all printing systems on all operating systems) when any user can act as printing system administrator: For all printing systems on all operating systems the printing system administrator can copy any printout to any place he likes (e.g. send it via mail to any external address or copy it to any external place). To avoid misunderstandings: If a person is the administrator of her/his workstation then this person knows the root password and then this person is root for her/his workstation and then this person can of course set up the printing system on her/his workstation as she/he likes. But if a workstation is administrated by someone else then this "someone else person" is root for this workstation and then the normal user of this workstation must not be permitted by default to set up or change the printing system on this workstation as she/he likes. Of course the "someone else person" can permit the normal user of this workstation to be a printing system administrator of this workstation but this must not be permitted by default. ------------------------------------------------------------------------ You may say "for SANE there are no such problems". But I think there are similar problems: To "plug in a SCSI scanner and make it work" requires that a SCSI kernel module is loaded - e.g. for the nice unstable SCSI controller which comes with the scanner and which may lead to unpredictable sudden system stops. To set up some external backends special daemons must be started (ptal for hpoj, hplip for hpaio) or non-free software must be installed (for epkowa the Iscan software). "Any user should be able to plug in a scanner and make it work" requires sometimes additional stuff which leads to security or license problems. > should you not be in bed at this hour? :) I don't know which way Suse/Novell mails go nowadays (perhaps from German via US to the final recipient and perhaps the sent-time may be somehow wrong). When I sent this mail it was late afternoon in German. Kind Regards, Johannes Meixner -- SUSE LINUX Products GmbH, Maxfeldstrasse 5 Mail: [email protected] 90409 Nuernberg, Germany WWW: http://www.suse.de/
