[Touch-packages] [Bug 236956] Re: sane devices should not be managed by consolekit
https://jff.email/cgit/sane- backends.git/tree/debian/libsane1.README.Debian (under "SETUP") -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to consolekit in Ubuntu. https://bugs.launchpad.net/bugs/236956 Title: sane devices should not be managed by consolekit Status in consolekit package in Ubuntu: Invalid Status in sane-backends package in Ubuntu: Fix Released Bug description: In hardy, USB scanners are managed differently than in previous releases of Ubuntu. Before hardy, there was a udev rules assigning to the "scanner" group all the usb devices that appeared to be scanners under comparison to the /etc/udev/rules.d/45-libsane.rules. Now, that file is no more, and the access to the usb scanners is controlled by HAL+Consolekit. The result is that only the user who is sitting at the console has permission to use the scanner, since the usb devices now get owned by root, with a special ACL allowing access to the console user. This is a very very wrong thing to do. The beauty of sane is that it can work over the network. But with "hardy" it cannot anymore: there is no possibility to set up a scanner server. Saned is supposed to be run via xinetd as the saned user. But with the current setup, the saned user cannot access the scanner, since only the current console user and root can. It is not possible to tell xinetd that saned should be run as "the current console user". And in fact there might be no current console user at all. Nor it is possible to tell xinetd that saned should be run as root, because this is just too bad from a security point of view. What makes the matter worse is that putting the 45-libsane.rules from gutsy back in place does not help. So, with the current consolekit thing, sane is not sane anymore, and can only be run from the console (a la Twain) and not as a server. Please, rethink about console kit and scanners. Consolekit is a very desktop-centric thing, assuming that most pluggable peripherals should be owned by the person at the console. But this is generally not true of anything that can be shared on the network. Things that can be shared should be independent from the console user. Please go back to treating scanners with a dedicated system user or group owning them. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/consolekit/+bug/236956/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
[Touch-packages] [Bug 236956] Re: sane devices should not be managed by consolekit
https://jff.email/cgit/sane- backends.git/tree/debian/libsane1.README.Debian (under "SETUP") ** Changed in: sane-backends (Ubuntu) Status: Confirmed => Fix Released -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to consolekit in Ubuntu. https://bugs.launchpad.net/bugs/236956 Title: sane devices should not be managed by consolekit Status in consolekit package in Ubuntu: Invalid Status in sane-backends package in Ubuntu: Fix Released Bug description: In hardy, USB scanners are managed differently than in previous releases of Ubuntu. Before hardy, there was a udev rules assigning to the "scanner" group all the usb devices that appeared to be scanners under comparison to the /etc/udev/rules.d/45-libsane.rules. Now, that file is no more, and the access to the usb scanners is controlled by HAL+Consolekit. The result is that only the user who is sitting at the console has permission to use the scanner, since the usb devices now get owned by root, with a special ACL allowing access to the console user. This is a very very wrong thing to do. The beauty of sane is that it can work over the network. But with "hardy" it cannot anymore: there is no possibility to set up a scanner server. Saned is supposed to be run via xinetd as the saned user. But with the current setup, the saned user cannot access the scanner, since only the current console user and root can. It is not possible to tell xinetd that saned should be run as "the current console user". And in fact there might be no current console user at all. Nor it is possible to tell xinetd that saned should be run as root, because this is just too bad from a security point of view. What makes the matter worse is that putting the 45-libsane.rules from gutsy back in place does not help. So, with the current consolekit thing, sane is not sane anymore, and can only be run from the console (a la Twain) and not as a server. Please, rethink about console kit and scanners. Consolekit is a very desktop-centric thing, assuming that most pluggable peripherals should be owned by the person at the console. But this is generally not true of anything that can be shared on the network. Things that can be shared should be independent from the console user. Please go back to treating scanners with a dedicated system user or group owning them. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/consolekit/+bug/236956/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp
