I have to check for the permisions I have in bothe cases, but I get the idea 12.04 does something different then 11.10 I use.
Unfortunedly I cannot check it right now, but I will post them!
Printable View
I have to check for the permisions I have in bothe cases, but I get the idea 12.04 does something different then 11.10 I use.
Unfortunedly I cannot check it right now, but I will post them!
Console users have special permissions to local devices. Start there. I've seen this with audio playback. I used to be able to ssh in and control speakers connected to the server. At some point, that stopped and I honestly never had a need to research it further.
Strangely, I was in the /etc/fuse.conf file and noticed a setting there #user_allow_other - seems that local users can fuse mount drives.
I bet all the code used to make this happen was seen as a great solution to some other problems. Perhaps if you add both your IDs to the scanner group? The plugdev group might have something to do with this too, but I'm 100% guessing on that.
Well, if read the story well, then georgesgiralt is running in a gui, on both machines, and just wants to scan from the commandline.
I did the test and see the same permissions as you do, but I can scan ! Maybe its an issue with vuescan, I do'nt know.
This is what I did and saw :
I ran it indeed from the localhost to the localhost using ssh -X, because there is no difference with a reel remote host.Code:Bus 002 Device 002: ID 04b8:011b Seiko Epson Corp. Perfection 2400 Photo
wim@grey:~$ ls -l /dev/bus/usb/002/002
crw-rw-r--+ 1 root root 189, 129 2013-03-07 12:51 /dev/bus/usb/002/002
wim@grey:~$ getfacl /dev/bus/usb/002/002
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/002/002
# owner: root
# group: root
user::rw-
user:wim:rw-
group::rw-
group:scanner:rw-
mask::rw-
other::r--
wim@grey:~$ ssh -X browser@localhost
browser@localhost's password:
Welcome to Ubuntu 11.10 (GNU/Linux 2.6.38-16-generic i686)
* Documentation: https://help.ubuntu.com/
32 packages can be updated.
32 updates are security updates.
New release '12.04.2 LTS' available.
Run 'do-release-upgrade' to upgrade to it.
Last login: Wed Mar 6 16:13:23 2013 from 192.168.123.117
browser@grey:~$ ls -l /dev/bus/usb/002/002
crw-rw-r--+ 1 root root 189, 129 2013-03-07 12:51 /dev/bus/usb/002/002
browser@grey:~$ getfacl /dev/bus/usb/002/002
getfacl: Removing leading '/' from absolute path names
# file: dev/bus/usb/002/002
# owner: root
# group: root
user::rw-
user:wim:rw-
group::rw-
group:scanner:rw-
mask::rw-
other::r--
browser@grey:~$ scanimage -x 100 -y 100 --format=tiff >out.tiff
browser@grey:~$
May be, to be shure, you could test with scanimage? I don't see a clue to why it does not work at your site.
Wow, just an update, I oversaw this,
To use the scanner you must be a member of the group scanner or the owner of the device.
So root can do all, but in the last pane, george is not in the group scanner while lightdm is owner.
I think you have to add george to the scanner group.
When I try to use the scanner over ssh, with a user not in the scannergroup, i get the error:
scanimage: no SANE devices found
So that must be your solution.
( I think lightdm becomes owner of the device, because it is locked by lightdm for the already logged-in user )
Hello !
I did not make myself clear.
If I log in using the graphical console, and then, start a shell and launch Vuescan, I can access the scanner and do my job. Even if someone else is *already* logged on on the console.
If I log in using ssh I get the shell directly. Why the heck can't I access the scanner ? Am I a second class user ? What is different in the login process between the graphical user interface and ssh ? And why is there THIS difference ? (if there is one, and actually there is, what else is different? .....)
And why are the ACL on the device file change so often.... (in this case, before I log in, the device file belongs to root with an acl to nicole, then when I log in on the graphical interface, the acl gives me the right to use the scanner. Then, when I log out, the device acl does not revert to nicole but to lightdm.... Nonsense.)
Since then, I've found a workaround, but .... intellectually, this is not good enough.
Hi georgesgiralt,
Thats exact the problem...
You never are member of the scannergroup, so if you are the first to log in, you are the owner of the scanner.
When you login as second or via the network you must exist in the scanner group.
So you must be the owner of the scanner, check with "getfacl", or must be member of the scannergroup, check with "id".
No, I *do* disagree.
The system behind the graphical login does idiot things. It changes acl of devices files without mercy nor rationality. I would understand if the acl gives ownership of the scanner to "nicole", the first logged user. I am dubious of the fact that the owner change to "georges" when I log in graphically. But this whole things becomes stupid when it revert the acl to "lightdm" when I log out. Worse than stupid. Add to this that this mechanism is not triggered at all when logged through ssh and you have an useless and stupid thing.
And this is not related to scanner also. This behavior is the same for a whole bunch of devices....
I understand what you mean but I think it is a little different organized.
It may look as strange behaviour, but also it is just a way it is designed. And I am shure, I couldnt do it better.
And last but not least, if you are in the scanner group, you can alway access the scanner, so what's the point.
Over the network you never become the owner of the scanner, so take it or leave it. ( I dont mean this in a bad way. )
I would say , better al devices are from root or the display manager. Although I don't know what the display manager has to deal with devices at all.
It could be considered as a bit more secure when you can oly use a device when it is stricly given to you. As now by the group permission.
But either way , it is a choice.
Maybe add yourself to the scanner group and tell if thats a working solution. It can be at help for others.