References:
SaneDaemonTutorial
sand systemd manual page
RHEL: saned systemd support
SaneOverNetwork
Background:
systemd uses “sockets” to replace the defunct xinetd.
systemd will listen on port 6566 tcp and use saned.socket to start an instance of saned@.service for each request to port 6566 tcp
Note: in the follow paper, “#” refers to the command prompt of the root user
and “$” refers to the command prompt of a standard user
Prerequisites:
saned’s daemons are required to be installed.
Fedora 27:
# dnf install sane-backends sane-backends-daemon
<! --# dnf install https://ftp.gwdg.de/pub/opensuse/repositories/home:/zhonghuaren/Fedora_27/x86_64/imagescan-3.32.0-8.1.x86_64.rpm -->
Redhat Enterprise Linux and Clones (CentOS, Scientific Linux):
Note: sane-backends is not support under Enterprise Linux due to
Enterprise Linux’s deliberate out of date nature as needed patches can not be installed
Systemd Scripts:
For the systemd configuration we need to add 2 configuration files called
saned.socket and
saned@saned.service in
/etc/systemd/system with:
ownership of root.root, and
permissions of 755
Note: after every change to these two files, you need to stop and start
the socket and reload the daemons (instructions are below):
saned.socket
[Unit]
Description=saned incoming socket
[Socket]
ListenStream=6566
Accept=yes
MaxConnections=1
connect_timeout=60
[Install]
WantedBy=sockets.target
saned@.service
[Unit]
Description=Scanner Service
Requires=saned.socket
[Service]
ExecStart=/usr/sbin/saned
User=saned
Group=saned
StandardInput=null
StandardOutput=syslog
StandardError=syslog
# Environment=SANE_CONFIG_DIR=/etc/sane.d
# SANE_DEBUG_EPKOWA=HEX for Epson
# SANE_DEBUG_BJNP=5 for Canon Pixma
Environment=SANE_CONFIG_DIR=/etc/sane.d SANE_DEBUG_DLL=255
# Environment=SANE_CONFIG_DIR=/etc/sane.d SANE_DEBUG_DLL=255 SANE_DEBUG_EPKOWA=HEX SANE_DEBUG_NET=128
To create the daemon’s user and group accounts:
# useradd saned
# useradd -g saned saned
Give to the saned permission to access scanner(s):
Locate your sane backend rules
$ ls /usr/lib/udev/rules.d | grep -i sane-backend
65-sane-backends.rules
If the following is missing from these rules
ACTION=="add", ENV{libsane_matched}=="yes", GROUP="saned", MODE="0660"
Add the following two line to these rules (edit as root):
# Permissions must be given to the saned user to access scanners
ACTION=="add", ENV{libsane_matched}=="yes", GROUP="saned", MODE="0660"
Note: you have to reboot to get the above to take
To set ownership and permissions of these two file:
# chown root.root /etc/systemd/system/saned.service /etc/systemd/system/saned.socket
# chmod 644 /etc/systemd/system/saned.service /etc/systemd/system/saned.socket
Add your local host name to /etc/sane.d/saned.conf.
For Example (substitute your actual network for the one shown):
# The hostname matching is not case-sensitive.
192.168.255.0/24
localhost
Add your Local Host name, Network, and Connect Timeout to /etc/sane.d/net.conf.
For Example (substitute your actual IP). DO NOT use a network address (192.168.255.0/24):
# The hostname matching is not case-sensitive.
192.168.255.10
localhost
connect_timeout=60
Add your local hostname resolved in /etc/hosts (get your host name from the “hostname” command).
For Example:
127.0.0.1 foo.bar.local foo localhost localhost.localdomain localhost4 localhost4.localdomain4
Check for and add if missing the following entry to /etc/services.
$ grep sane /etc/services
sane-port 6566/tcp # SANE Control Port
sane-port 6566/udp # SANE Control Port
To active these services at boot:
# systemctl enable saned.socket
To manually start the sand service:
# systemctl start saned.socket
To manually restart the sand service after an edit:
# systemctl stop saned.socket
# systemctl daemon-reload
# systemctl start saned.socket
Firewall:
If you are using the default firewall (firewalld) and wish to share your
scanner with others on the network, open the following firewall hole:
# firewall-cmd --permanent --add-port=6566/tcp
SELinux on Fedora 27:
SELinux Policy must 3.13.1-283.21 or later
To check your version SELinux Policy:
# rpm -qa selinux-policy
To update SELinux Policy:
# dnf upgrade selinux-policy
# ausearch -c 'systemd' --raw | audit2allow -M my-systemd
# semodule -X 300 -i my-systemd.pp
# ausearch -c '(otify.sh)' --raw | audit2allow -M my-otifysh
# semodule -X 300 -i my-otifysh.pp
# ausearch -c '(otify.sh)' --raw | audit2allow -M my-otifysh
# semodule -X 300 -i my-otifysh.pp
To test your locally installed scanners:
$ scanimage -L
device `epkowa:interpreter:001:003' is a Epson Perfection V300 flatbed scanner
To test your networking:
Install nmap and getaddrinfo (from netresolve-tools):
# dnf install nmap netresolve-tools
$ host Your_IP_address
$ host Your_Host_Name
$ host localhost
$ host 127.0.0.1
$ getaddrinfo -4 --service 6566 --host localhost
To test the saned service (“$” means to test as a standard user):
$ nmap -p 6566 192.168.255.10
Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-03 01:26 PST
Nmap scan report for rn1.rent-a-nerd.local (192.168.255.10)
Host is up (0.00025s latency).
PORT STATE SERVICE
6566/tcp open sane-port
Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds
$ xsane net:192.168.255.10
Instructions provided by Tony E. Thank you!
(current PDF Studio customer on Linux)
