I am using a USB scanner which uses LIBUSB, which means the scanner is accessed without a device node being created. By default, it only works as root. After hunting through the documentation, I discovered that to allow other users to access my scanner I have to modify the file /etc/hotplug/usb/libusbscanner, uncommenting the block that sets the permissions to 666. Now, I suggest 666 be the default permissions to make it easier for users configuring scanners. The file says this is insecure, but seriously, what kind of security problems are introduced by letting anyone use a scanner? Maybe I'm missing something, but I don't understand how someone could hack into your system by being allowed to use your scanner. Reproducible: Always Steps to Reproduce: 1. 2. 3.
"The file says this is insecure" NO.
Perhaps my report was misunderstood. I'm not suggesting you do something insecure. I suspect that, as a matter of fact, it IS secure to have 666 for permissions of a scanner. I suspect that the reason the person wrote that it's insecure is out of habit of thinking that system files with permissions of 666 is insecure.
How about if Gentoo automatically adds users to the "scanner" group when SANE is installed? I reported this request to SANE and they said that's what individual distributions could do. See: http://alioth.debian.org/tracker/?func=detail&atid=410366&aid=300932&group_id=30186
Thought about it again (while checking something else with sane-backends) and came to the conclusion that this is no good idea. Giving scanner access to anyone when this could (in rare cases, admitted...) damage your hardware? No. Automatically adding users to a privileged group? The same as above with some bells and whistles. Arranging hardware access rights is a job for the system administrator. Adding some scripts that make jobs like "open access for everyone to scanners" easier would be a different question and are perhaps worth thinking about. The pkg_config part of the ebuild would be a good place for this kind of job. But it should not be done without asking root.
Fair enough. Just keep in mind that with that methodology, Gentoo and in general Linux will never be a system that "just works", hence will never become used by everyone as a desktop, but only by the (probably minority of) people with the extra time needed to configure it. After thinking about it, I got another idea, which I think is better - what about a way for root to create a "trusted" user? Such user would, simply on creation, be added to whatever groups are necessary to use all hardware. More generally, it could be assumed that such a user would never do anything intentionally harmful, but the system would prevent them from doing anything accidentally harmful, as it does for any other regular user. The user could have a bunch of things automatcially configured for them with that goal in mind.
https://www.freifunk-gera-greiz.de/web/okcupud/home/-/blogs/best-songs-about-sex https://www.freifunk-gera-greiz.de/web/okcupud/home/-/blogs/7-ways-being-a-better-cook-can-make-you-a-better-lover https://www.freifunk-gera-greiz.de/web/okcupud/home/-/blogs/5-kinky-dating-tips https://agreatertown.com/albuquerque_nm/3_ways_to_tell_if_your_dinner_date_is_going_right_000190685592 http://portal.mcleodrussel.com/eu/web/okcupid/
