> . In the
> case of a scanner it lets all SCSI commands through. Is this
> a good idea or should some SCSI commands to a scanner be
> restricted if a user does not have write permissions?
>
Hi Dough,
you can damage the scanner if you send bad command sequences.
I would prefer if a user has no possibility to send any commands
to the scanner at all.
In fact I think the generic scsi devices are dangerous if user has
write permission.
What about this:
create a group for each scsi devie type:
sg_1, sg_2, ... sg_6 (scanner) ...
and a program that wants to talk to a device that has the type 6
must be of the group sg_6.
Only the superuser and a member of this group can change the
group of a program.
But I don`t know if it is possible to find out the group of a program
and if it is possible for a user to fake the group.
Bye
Oliver
-- Homepage: http://www.wolfsburg.de/~rauch sane-umax: http://www.wolfsburg.de/~rauch/sane/sane-umax.html xsane: http://www.wolfsburg.de/~rauch/sane/sane-xsane.html E-Mail: mailto:Oliver.Rauch@Wolfsburg.DE
-- Source code, list archive, and docs: http://www.mostang.com/sane/ To unsubscribe: echo unsubscribe sane-devel | mail majordomo@mostang.com