saned(1)                 SANE Scanner Access Now Easy                 saned(1)


       saned - SANE network daemon


       saned [-d|-s [n]]


       saned  is  the SANE (Scanner Access Now Easy) daemon that allows remote
       clients to access image acquisition  devices  available  on  the  local


       The -d and -s flags request that saned run in debug mode (as opposed to
       inetd(8) mode).  In this mode, saned explicitly waits for a  connection
       request.  When compiled with debugging enabled, these flags may be fol-
       lowed by a number to request debug info. The  larger  the  number,  the
       more  verbose  the  debug output.  E.g., -d128 will request printing of
       all debug info. Debug level 0 means no debug output at all. The default
       value  is  2. If flag -d is used, the debug messages will be printed to
       stderr while -s requests using syslog.

       If saned is run from inetd or xinetd, no option can be given.


       First and foremost: saned is not intended to be exposed to the internet
       or other non-trusted networks. Make sure that access is limited by tcp-
       wrappers and/or a firewall setup. Don’t  depend  only  on  saned’s  own
       authentification. Don’t run saned as root if it’s not necessary. And do
       not install saned as setuid root.

       The contents of the saned.conf  file  is  a  list  of  host  names,  IP
       addresses or IP subnets (CIDR notation) that are permitted to use local
       SANE devices. IPv6 addresses must be enclosed in brackets,  and  should
       always  be specified in their compressed form.  Connections from local-
       host are always permitted.  Empty lines and lines starting with a  hash
       mark  (#) are ignored.  A line containing the single character ‘‘+’’ is
       interpreted to match any hostname.  This allows any remote  machine  to
       use  your scanner and may present a security risk, so this shouldn’t be
       used unless you know what you’re doing.  A sample configuration file is
       shown below:

              # this is a comment

       The  case of the host names does not matter, so AHost.COM is considered
       identical to

       For saned to work properly, it is also necessary to add a configuration
       line to /etc/inetd.conf.  Note that your inetd must support IPv6 if you
       want to connect to saned over IPv6 ; xinetd and openbsd-inetd are known
       to support IPv6, check the documentation for your inetd daemon.

       The configuration line normally looks like this:

              sane stream tcp nowait saned.saned /usr/sbin/saned saned

       However, if your system uses tcpd(8) for additional security screening,
       you may want to disable  saned  access  control  by  putting  ‘‘+’’  in
       saned.conf  and  use  a  line  of the following form in /etc/inetd.conf

              sane    stream    tcp    nowait    saned.saned    /usr/sbin/tcpd

       Note  that both examples assume that there is a saned group and a saned
       user.  If you follow this example, please make  sure  that  the  access
       permissions  on  the  special device are set such that saned can access
       the scanner (the program generally needs read and write access to scan-
       ner devices).

       If  xinetd  is  installed on your system instead of inetd the following
       example for xinetd.conf may be helpful:

              # default: off
              # description: The sane server accepts requests
              # for network access to a local scanner via the
              # network.
              service sane
                 port        = 6566
                 socket_type = stream
                 wait        = no
                 user        = saned
                 group       = saned
                 server      = /usr/sbin/saned

       Finally, it is also necessary to add a line of the  following  form  to

              sane 6566/tcp # SANE network scanner daemon


       In  addition  to  the  control connection (port 6566) saned also uses a
       data connection. The port of this socket is selected by  the  operating
       system  and  can’t  be  specified  by the user currently. This may be a
       problem if the connection must go through a firewall  (packet  filter).
       If  you  must  use a packet filter, make sure that all ports > 1024 are
       open on the server for connections from the client.


              The hosts listed in this file are permitted to access all  local
              SANE  devices.  Caveat: this file imposes serious security risks
              and its use is not recommended.

              Contains a list of hosts permitted to access local SANE  devices
              (see also description of SANE_CONFIG_DIR below).

              If this file contains lines of the form


              access  to  the  listed backends is restricted. A backend may be
              listed multiple times for different user/password  combinations.
              The server uses MD5 encryption if supported by the client.


              This environment variable specifies the list of directories that
              may contain the configuration file.  Under UNIX, the directories
              are  separated  by a colon (‘:’), under OS/2, they are separated
              by a semi-colon (‘;’).  If this variable is not set, the config-
              uration  file is searched in two default directories: first, the
              current working directory (".") and then in /etc/sane.d.  If the
              value  of the environment variable ends with the directory sepa-
              rator character, then the default directories are searched after
              the  explicitly  specified  directories.   For  example, setting
              SANE_CONFIG_DIR to "/tmp/config:" would  result  in  directories
              "tmp/config",  ".",  and  "/etc/sane.d"  being searched (in this


       sane(7),  scanimage(1),  xscanimage(1),  xcam(1),  sane-dll(5),   sane-
       net(5), sane-"backendname"(5)


       David Mosberger

sane-backends 1.0.13              29 Oct 2003                         saned(1)

Man(1) output converted with man2html