References:
SaneDaemonTutorial
sand systemd manual page
RHEL: saned systemd support
SaneOverNetwork

Background:

systemd uses “sockets” to replace the defunct xinetd.
systemd will listen on port 6566 tcp and use saned.socket to start an instance of saned@.service for each request to port 6566 tcp

Prerequisites:

saned’s daemons are required to be installed.
Fedora 27:

su root -c "dnf install sane-backends sane-backends-daemon"

Redhat Enterprise Linux and Clones (CentOS, Scientific Linux):
Note: sane-backends is not support under Enterprise Linux due to Enterprise Linux’s deliberate out of date nature as needed patches can not be installed

Systemd Scripts:
For the systemd configuration we need to add 2 configuration files called saned.socket and saned@saned.service in /etc/systemd/system with:

ownership of root.root, and
permissions of 755

saned.socket

[Unit]
Description=saned incoming socket

[Socket]
ListenStream=6566
Accept=yes
MaxConnections=1
connect_timeout=60

[Install]
WantedBy=sockets.target

saned@saned.service

[Unit]
Description=Scanner Service
Requires=saned.socket

[Service]
ExecStart=/usr/sbin/saned
User=saned
Group=saned
StandardInput=null
StandardOutput=syslog
StandardError=syslog
# Environment=SANE_CONFIG_DIR=/etc/sane.d SANE_DEBUG_DLL=255

To create the daemon’s user and group accounts:

su root -c "useradd saned"
su root -c "useradd -g saned saned"

To set ownership and permissions of these two file:

su root -c "chown root.root /etc/systemd/system/saned.service /etc/systemd/system/saned.socket"
su root -c "chmod 644 /etc/systemd/system/saned.service /etc/systemd/system/saned.socket"

Add you local host name to /etc/sane.d/saned.conf.
For Example (substitute your actual network for the one shown):

# The hostname matching is not case-sensitive. 
192.168.255.0/24
localhost

Add your local hostname resolved in /etc/hosts (get your host name from the “hostname” command).
For Example:

127.0.0.1   foo.bar.local foo localhost localhost.localdomain localhost4 localhost4.localdomain4

Add the following entry to /etc/services.

sane-port 6566/tcp # SANE network scanner daemon

To active these services at boot:

su root -c "systemctl enable saned.socket"
su root -c "useradd -g saned saned"

To manually start the sand service:

su root -c "systemctl start saned.socket"

SELinux on Fedora 27:


SELinux Policy must 3.13.1-283.21 or later
To check your version SELinux Policy:
   rpm -qa selinux-policy
   
To update SELinux Policy:
   su root -c "dnf upgrade selinux-policy"
   
su root -c "ausearch -c 'systemd' --raw | audit2allow -M my-systemd"
su root -c "semodule -X 300 -i my-systemd.pp"

To test the saned service (“$” means to test as a standard user):

$ nmap -p 6566 192.168.255.10

Starting Nmap 7.60 ( https://nmap.org ) at 2018-02-03 01:26 PST
Nmap scan report for rn1.rent-a-nerd.local (192.168.255.10)
Host is up (0.00025s latency).

PORT     STATE SERVICE
6566/tcp open  sane-port

Nmap done: 1 IP address (1 host up) scanned in 0.06 seconds

$ xsane net:192.168.255.10

Instructions provided by Tony
(current PDF Studio customer on Linux)