[Techtalk] Changing ownership of devices

Maria Blackmore mariab at cats.meow.at
Tue Sep 9 13:09:45 EST 2003 

On Tue, 9 Sep 2003, Conor Daly wrote:

> I know there's an answer to this somewhere...

There's always an answer :)

> I have a scanner on /dev/sg0.  If I log in in X, I can use the scanner via
> xsane.  Now, if I log out and log in again via ssh, I suddenly cannot use
> the scanner.  It turns out that the ownership of /dev/sg0 has changed.
> When I was logged in locally, it was:
> 
> crw------- 1 cdaly root 21,   0 Aug 30  2001 /dev/sg0
> 
> when I logged out and came back in via ssh it was:
> 
> crw------- 1 root root 21,   0 Aug 30  2001 /dev/sg0

This seems very bizarre to me, the device should never be owned by anyone
other than root.

The "right" way to do this is to leave the device owned by root, but
change the group.  Make a new group just for scanners or re-use a group
for something else, and add your user to it.  chown the sg0 device to have
the group set to the one you wish to use to control access to the
scanner, then all you need to do is give the group access to the device,
with 660 for example.

I do this, and use the group "video" since it was pre-existing, and seemed
appropriate.

This gives me this:

crw-rw----    1 root     video     21,   0 Apr 15  2001 /dev/sg0

and my user is in the group video

This means that me and anyone in the group "video" are allowed access to
the scanner.

The only thing to remember is that if you add yourself to a group, it only
applies to new logins, and not any pre-existing logins.

> I had this sort of issue over sound devices in the past and I seem to
> remember something about changing a pam setting.  Does anyone know?

uhm, not sure what would be doing this.

I don't think I like the sound of it :/

> I know it's reasonable to limit access to certain devices to the user
> sitting at the machine but I want the scanner to be available over the
> network also.  I haven't figured out the details of sane-net yet so I may
> be able to access the thing that way in any case...

sane-net is wonderful :)

it's comparatively easy to setup, but it does need careful reading of the
documentation so you understand what's required.

Maria

More information about the Techtalk mailing list