Oliver Rauch (oliver.rauch@Wolfsburg.DE)
Mon, 22 Nov 1999 17:50:46 +0100

Douglas Gilbert wrote:

> . In the
> case of a scanner it lets all SCSI commands through. Is this
> a good idea or should some SCSI commands to a scanner be
> restricted if a user does not have write permissions?

Hi Dough,

you can damage the scanner if you send bad command sequences.
I would prefer if a user has no possibility to send any commands
to the scanner at all.

In fact I think the generic scsi devices are dangerous if user has
write permission.

What about this:
create a group for each scsi devie type:
sg_1, sg_2, ... sg_6 (scanner) ...
and a program that wants to talk to a device that has the type 6
must be of the group sg_6.
Only the superuser and a member of this group can change the
group of a program.
But I don`t know if it is possible to find out the group of a program
and if it is possible for a user to fake the group.


E-Mail:         mailto:Oliver.Rauch@Wolfsburg.DE

Source code, list archive, and docs:
To unsubscribe: echo unsubscribe sane-devel | mail