ELM 2007/12/16 23:50
How to share a scanner on your network
After hours of research and tweaking, allyour computers are connected to each other and the Internet, and youcan print your documents on a printer connected to another system --but you still must take a break when someone else wants to use thescanner connected to your system. Save the money additional scannerswould cost by sharing your scanner on your LAN.
Start with [url=http://www.sane-project.org/]SANE[/url] (Scanning Access Now Easy), the scanning suite for Linux and other Unix-like systems. Check the project's list of [url=http://www.sane-project.org/sane-supported-devices.html]supported devices[/url]. If your scanner is listed, most of the job is already done.
SANE consists of two packages, sane-backends and sane-frontends. Thebackends package includes scanner drivers and command-line interface(CLI) utilities for using the scanner. You'll want to install thispackage on both the server and the clients. The frontends packagecontains graphical and CLI-based front ends for the scanning process.We won't use this package, because we can use one of the more advancedfront ends for SANE; more on that later.
Begin by installing the sane-backends package. Packages and portsare available for most Linux and BSD distributions. In Debian andUbuntu the package is called sane-utils; Slackware and Arch simply nameit sane. If you prefer building from source, it's a trivial ./configure; make; make installprocess. Documentation is provided in the source tarball. When theinstallation is done, check that your scanner is detected by running scanimage -L as root. The output of this command should look something like the following:
device `plustek:libusb:001:003' is a Epson Perfection 1260/Photo USB flatbed scanner
While you could run saned, the scanning daemon, as root, it's betterto run it as a less privileged user, saned, instead, to improvesecurity. If the saned user is not added by the package of yourdistribution, add it manually with the command:
if ! id saned; then groupadd saned; useradd -g saned -G scanner -s /bin/false -d /dev/null saned; fi
Add your non-root user to the scanner group with the command usermod -a -G [i]username[/i] scanner.
If your Linux distribution uses UDEV for device node management --as most modern distributions do -- you should reboot to ensure that thenew udev rules for SANE are loaded and that you're able to scan as anon-root user. To verify that your system uses UDEV, check for thepresence of the directory /dev/.udev and see whether the udevd processis running with the command ps aux | grep udevd. You canavoid rebooting and manually restart the udev daemon, but that's notvery easy, so it's better to reboot. If your distribution uses staticdevice nodes, take a look at SANE's [url=http://www.sane-project.org/README.linux]README.linux[/url]file for more information on how to manually fix permissions and allownon-root users to access the scanner. Just to be sure that users otherthan root can access the scanner, run scanimage -L as the non-root user you previously added to the scanner group after you reboot; the output should be the same as before.
Now it's time to configure the saned daemon. Add the hostnames or IPaddresses of the hosts you want to have access to the scanner to thefile /etc/sane.d/saned.conf. If you want to provide access to all thecomputers on your network, just add your [url=http://en.wikipedia.org/wiki/Subnetwork]IP subnet[/url] -- for example, if your IP address is 192.168.1.1, your subnet is probably 192.168.1.0/24.
Check that a sane-port line exists in /etc/services, or add the following line if it's not:
sane-port 6566/tcp # SANE network scanner daemon
Saned does not run as a standalone daemon and thus needs inetd (orxinetd) to work. Add the following line in your /etc/inetd.conf:
sane-port stream tcp nowait saned.saned /usr/sbin/saned saned
Now ask inetd to reload that file with the command kill -HUP `cat /var/run/inetd.pid` or your distribution's init script. The saned man page includes instructions on how to use xinetd instead of inetd or [url=ftp://ftp.porcupine.org/pub/security/index.html]tcp_wrappers[/url] for more advanced control of access to saned.
The server should now be ready -- time to configure the clients.Install the sane-backends (or sane-utils, or sane) package on theclients and add the hostname or IP address of the server in/etc/sane.d/net.conf. Running scanimage -L as root should return something like:
device `net:mars:plustek:libusb:001:003' is a Epson Perfection 1260/Photo USB flatbed scanner
(mars is the hostname of my scanner server.) Now add your non-root user to the scanner group, as before, and you're done.
From a security perspective this setup is wide open; anyone who canaccess the network could run denial-of-service attacks on your serveror just start scans to drive you crazy. You should only share a scannerthis way on a protected, firewalled local network.
There are lots of front ends for SANE for all major operating systems; have a look at [url=http://www.sane-project.org/sane-frontends.html]the complete list[/url] in SANE's home page. I run [url=http://www.xsane.org/]XSane[/url] on my Linux and BSD desktops. If you use Windows on your clients I suggest using [url=http://sanetwain.ozuzo.net/]SaneTwain[/url],since I've had the most successful results with it. I installed ascanner/printer server for a small business years ago and they stillhappily run SaneTwain on Windows 98 and XP clients without problems.
That's it, enjoy your new scanner server. You have one more reason to be proud of your home or small business network.