author | Bruce M Simpson <bms@FreeBSD.org> | 2010-02-07 20:34:20 +0000 |
---|---|---|
committer | Bruce M Simpson <bms@FreeBSD.org> | 2010-02-07 20:34:20 +0000 |
commit | e8f6999c1b3eea007da83a6e4388deb0e3bf03fb (patch) | |
tree | a62cfc6bce657b426d86d5694ed89685d5734b53 /graphics/sane-backends/files | |
parent | 2f886f4efb083c9c04e0436f4f685170949d67af (diff) | |
Add an RC script for saned, and borrow machinery for creating
a dedicated sandbox user account from the nullmailer port.
Also add a pkg-message which describes how to tie down a USB
scanner to this sandbox using devd(8) in FreeBSD 8, as well as
describing what config files likely need editing.
Note: This text probably belongs in the FreeBSD Handbook.
Bump PORTREVISION.
Reviewed by: dougb (with edits to saned.in)
Notes
Notes:
svn path=/head/; revision=249398
Diffstat (limited to 'graphics/sane-backends/files')
-rw-r--r-- | graphics/sane-backends/files/pkg-install.in | 65 | ||||
-rw-r--r-- | graphics/sane-backends/files/pkg-message.in | 46 | ||||
-rw-r--r-- | graphics/sane-backends/files/saned.in | 37 |
3 files changed, 148 insertions, 0 deletions
diff --git a/graphics/sane-backends/files/pkg-install.in b/graphics/sane-backends/files/pkg-install.in
new file mode 100644
index 000000000000..4ff38c47598f
--- /dev/null
+++ b/graphics/sane-backends/files/pkg-install.in
@@ -0,0 +1,65 @@
+#!/bin/sh
+
+user=saned
+group=saned
+
+ask() {
+ local question default answer
+
+ question=$1
+ default=$2
+ if [ -z "${PACKAGE_BUILDING}" ]; then
+ read -p "${question} [${default}]? " answer
+ fi
+ if [ x${answer} = x ]; then
+ answer=${default}
+ fi
+ echo ${answer}
+}
+
+yesno() {
+ local dflt question answer
+
+ question=$1
+ dflt=$2
+ while :; do
+ answer=$(ask "${question}" "${dflt}")
+ case "${answer}" in
+ [Yy]*) return 0;;
+ [Nn]*) return 1;;
+ esac
+ echo "Please answer yes or no."
+ done
+}
+
+if [ x"$2" = xPRE-INSTALL ]; then
+ if /usr/sbin/pw groupshow "${group}" 2>/dev/null; then
+ echo "You already have a group \"${group}\", so I will use it."
+ else
+ echo "You need a group \"${group}\"."
+ if ([ -n "$BATCH" ] || yesno "Would you like me to create it" y); then
+ /usr/sbin/pw groupadd ${group} -g 194 -h - || exit
+ echo "Done."
+ else
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+
+ if /usr/sbin/pw user show "${user}" 2>/dev/null; then
+ echo "You already have a user \"${user}\", so I will use it."
+ pw usermod "${user}" -d /nonexistent
+ else
+ echo "You need a user \"${user}\"."
+ if ([ -n "$BATCH" ] || yesno "Would you like me to create it" y); then
+ /usr/sbin/pw useradd ${user} -u 194 -g ${group} -h - \
+ -d /nonexistent -s /bin/sh -c "SANE Scanner Daemon" || exit
+ echo "Done."
+ else
+ echo "Please create it, and try again."
+ exit 1
+ fi
+ fi
+
+ # TODO: Fix logging.
+fi
diff --git a/graphics/sane-backends/files/pkg-message.in b/graphics/sane-backends/files/pkg-message.in
new file mode 100644
index 000000000000..0716d8dd79c6
--- /dev/null
+++ b/graphics/sane-backends/files/pkg-message.in
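Review bot: The `pw useradd` call in the PRE-INSTALL block of pkg-install.in gives the sandbox account a working login shell (`-s /bin/sh`), which a daemon-only account does not appear to need, since the rc script added in this commit has saned switch user itself via `-a`. I would create the account with `-d /nonexistent -s /usr/sbin/nologin -c "SANE Scanner Daemon" || exit`. The existing-account branch has the same gap from the other side: `pw usermod "${user}" -d /nonexistent` resets only the home directory, so a pre-existing `saned` account keeps whatever shell, password and group membership it already had. Adding `-s /usr/sbin/nologin` there, and calling `/usr/sbin/pw` by full path as the other calls do, would leave both branches in the same locked-down state.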
@@ -0,0 +1,46 @@
+==================================================================
+
+saned will log to the 'daemon' facility; this is a hard-coded
+default. Also, saned has no support for SSL/TLS or cryptographic
+authentication; you may wish to deploy security/stunnel to wrap
+it if you have concerns about security.
+
+If you are using a USB scanner, you should edit /etc/devd.conf to
+allow saned access permissions. Currently, devfs.rules(5) has no
+support for USB specific filters such as vendor, product and
+serial number.
+
+Here is an example devd.conf(5) entry for an Epson CX3650
+multi-function scanner/printer device (assuming you are sharing
+the printer function with cups):
+
+attach 100 {
+ device-name "ugen[0-9].[0-9]";
+ match "vendor" "0x04b8";
+ match "product" "0x080e";
+ action "usb_devaddr=`echo $device-name | sed 's#^ugen##'` && \
+ chown cups:saned /dev/usb/${usb_devaddr}.* && \
+ chmod 660 /dev/usb/${usb_devaddr}.*";
+};
+
+Note: A backtick must be used above, due to how devd(8) performs
+variable substitutions.
+
+To determine which port your scanner is connected to, inspect the
+output of 'usbconfig list' before and after connecting your scanner,
+and note the numbers which appear after 'ugen' in the first column.
+Then, use 'usbconfig -d X.Y dump_device_desc' to learn the idVendor
+and idProduct fields, and plug them into the above example entry.
+
+Finally, restart devd with the command:
+ # /etc/rc.d/devd restart
+
+Please take %%PREFIX%%/etc/sane.d/dll.conf
+as an example only; you may wish to enable only the 'net' backend
+on client machines; be sure to point it at your scan server.
+
+If you are setting up a scan server, you may also wish to edit
+%%PREFIX%%/etc/sane.d/saned.conf
+to only permit specific machines.
+
+==================================================================
diff --git a/graphics/sane-backends/files/saned.in b/graphics/sane-backends/files/saned.in
new file mode 100644
index 000000000000..ae4345a58a05
--- /dev/null
+++ b/graphics/sane-backends/files/saned.in
@@ -0,0 +1,37 @@
+#!/bin/sh
+#
+# $FreeBSD$
+#
+# PROVIDE: saned
+# REQUIRE: netif routing mountcritlocal
+# BEFORE: NETWORKING
+#
+# A sample saned startup script.
+#
+# Add the following line to /etc/rc.conf to enable saned:
+# saned_enable="YES"
+#
+
+. /etc/rc.subr
+
+name="saned"
+rcvar=`set_rcvar`
+command="%%PREFIX%%/sbin/${name}"
+
+start_precmd=${name}_prestart
+
+saned_prestart()
+{
+ case "${saned_flags}" in
+ *-a\ *) err "saned_flags includes the -a option. Please use saned_uid instead." ;;
+ esac
+}
+
+load_rc_config $name
+
+: ${saned_enable="NO"}
+: ${saned_uid="saned"}
+
+command_args="-a $saned_uid"
+
+run_rc_command "$1" |
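Review bot: The `saned_prestart` guard that protects the privilege drop is weaker than it looks. The pattern `*-a\ *` matches only `-a` followed by a space, so a `saned_flags` value ending in `-a` slips through. Also, rc.subr's `err` takes the exit status as its first argument, so here the message is consumed as the exit value instead of being reported. Something like `*-a|*-a\ *) err 1 "saned_flags includes the -a option. Please use saned_uid instead." ;;` would cover both. Separately, `: ${saned_uid="saned"}` keeps an explicitly empty `saned_uid`, which turns `command_args` into a bare `-a` and presumably leaves saned running with the privileges it was started with; `: ${saned_uid:="saned"}` would fall back to the sandbox user in that case too.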