# Grant user permission to epjitsu (Fujitsu ScanSnap S1100)



## amiramix (Apr 28, 2016)

On root:


```
root@crayon2:/var/log # scanimage -L
device `v4l:/dev/video1' is a Noname Creative WebCam Live! Motion virtual device
device `v4l:/dev/video0' is a Noname Mouse Scanner virtual device
device `epjitsu:libusb:003:003' is a FUJITSU ScanSnap S1100 scanner
```

On user:


```
g@crayon2:~ % scanimage -L
device `v4l:/dev/video1' is a Noname Creative WebCam Live! Motion virtual device
device `v4l:/dev/video0' is a Noname Mouse Scanner virtual device
```

My devfs.rules:


```
root@crayon2:/etc # cat /etc/devfs.rules
[system=10]
add path 'usb*'  mode 0660 group cups
add path 'usb/*'  mode 0660 group cups
add path 'ugen*'  mode 0660 group cups
add path 'ugen/*'  mode 0660 group cups
add path 'ad[0-9]\*'  mode 0666
add path 'ada[0-9]\*'  mode 0666
add path 'da[0-9]\*'  mode 0666
add path 'acd[0-9]\*'  mode 0666
add path 'cd[0-9]\*'  mode 0666
add path 'xpt[0-9]\*'  mode 0666
add path 'mmcsd[0-9]\*'  mode 0666
add path 'pass[0-9]\*'  mode 0666
```

I have also created /usr/local/etc/devd/saned.conf:


```
root@crayon2:/etc # cat /usr/local/etc/devd/saned.conf
notify 100 {
  match "system" "USB";
  match "subsystem" "INTERFACE";
  match "type" "ATTACH";
  match "cdev" "ugen[0-9].[0-9]";
  match "vendor" "0x04c5";
  match "product" "0x1200";
  action "chown -L cups:saned /dev/$cdev && chmod -L 660 /dev/$cdev";
};
```

So, how do I grant my user permission to access the device 
	
	



```
device `epjitsu:libusb:003:003' is a FUJITSU ScanSnap S1100 scanner
```
 ?


----------



## cpm@ (Apr 29, 2016)

Be sure that your user is a member of cups and wheel groups.

https://www.freebsd.org/doc/en/articles/cups/article.html#printing-cups-troubleshooting


----------



## amiramix (Apr 29, 2016)

Sure, it is. Cups works fine.


----------



## cpm@ (Apr 29, 2016)

Please, show your /etc/devfs.conf


----------



## SirDice (Apr 29, 2016)

Not related to the issue at hand but this:

```
add path 'ad[0-9]\*'  mode 0666
add path 'ada[0-9]\*'  mode 0666
add path 'da[0-9]\*'  mode 0666
```
Is a recipe for disaster. It allows everything but the kitchen-sink full and unfettered *write* access to the disk itself. Why those permissions? What are you trying to accomplish?


----------



## cpm@ (Apr 29, 2016)

Good catch, SirDice,

amiramix, 
Please, read the devfs.conf(5) manpage to configure it properly.


----------



## amiramix (Apr 29, 2016)

SirDice said:


> Not related to the issue at hand but this:
> 
> ```
> add path 'ad[0-9]\*'  mode 0666
> ...



It's my desktop comp so I am concerned with permissions that much. I don't remember but I think I copied it from a guide at some point. It seemed like a good idea at that time. If it's not needed for the user to mount disks then I might comment it out.


----------



## amiramix (Apr 29, 2016)

Only commented in lines:


```
g@crayon2:~ % cat /etc/devfs.conf
(...)
link /tmp shm
(...)
own  /dev/cd0  root:operator
perm /dev/cd0  0666
perm /dev/pass0  0666
(...)
perm /dev/pass3  0666
perm /dev/xpt0  0666
perm /dev/uscanner0  0666
```


----------



## cpm@ (Apr 29, 2016)

Well, I recommend that you read carefully the devfs.conf(5) and devfs.rules(5) manpages.

To solve the permissions problem, you can use the saned daemon.

Add these two lines to /etc/rc/conf:

```
saned_enable="YES"
saned_uid="root"
```

Run `service saned start`

Uncomment the last line in /usr/local/etc/sane.d/net.conf

```
## saned hosts
# Each line names a host to attach to.
# If you list "localhost" then your backends can be accessed either
# directly or through the net backend.  Going through the net backend
# may be necessary to access devices that need special privileges.
localhost
```


----------



## wblock@ (Apr 29, 2016)

amiramix said:


> link /tmp shm


I don't know that is wrong, but it looks wrong.


----------



## cpm@ (Apr 29, 2016)

wblock@ said:


> I don't know that is wrong, but it looks wrong.



According to /usr/ports/emulators/linux_base-c6/pkg-message


> [...]
> If you want to use shared memory in Linux applications, you need to set up
> a link from /dev/shm to a suitable place, e.g. by adding the following line
> to /etc/devfs.conf (takes effect on each boot):
> ...



it seems correct.


----------



## amiramix (Apr 30, 2016)

cpm said:


> To solve the permissions problem, you can use the saned daemon.
> 
> Add these two lines to /etc/rc/conf:
> 
> ...



Great! Thanks. That worked. Even before editing net.conf the scanner became visible for the user. But isn't running it as root a bit of a workaround?


----------



## cpm@ (May 5, 2016)

amiramix said:


> Great! Thanks. That worked. Even before editing net.conf the scanner became visible for the user. But isn't running it as root a bit of a workaround?



Yes, the SANE network backend provides access to image acquisition devices through a network connection. Read sane-net(5) manpage for further details.

If you do not ask saned_uid, by default, it runs under the user saned. Normally, the rights to the device is found in /etc/devfs.rules file.


----------



## Zagzigger (Feb 6, 2019)

cpm@ said:


> Yes, the SANE network backend provides access to image acquisition devices through a network connection. Read sane-net(5) manpage for further details.
> 
> If you do not ask saned_uid, by default, it runs under the user saned. Normally, the rights to the device is found in /etc/devfs.rules file.


Thanks. Great stuff - I'm learning more about permissions and so on all the time. 
This helped - but still have a way to go.


----------

