Old 03-22-2006, 02:08 PM   #1
oldtincup
LQ Newbie
 
Registered: Mar 2006
Posts: 11

Rep: Reputation: 1
/proc permissions help


I am a newbie to linux but am using SuSE 10.0.

I have a scsi scanner that is used only occasionally so it is turned off most of the time. The scsi bus is apparently only scanned at boot up; so I had to reboot every time I wanted to use the scanner. Fortunately I found the script "rescan-scsi-bus.sh" which will find the scanner after it has been turned on. The problem is that this requires permission to /proc/scsi/scsi. I can run this fine as root, but I don't want to give out the root password to all the users (not that there are many, but it is still a security issue).

How do I permanently give a user or group of users permission to /proc/scsi/scsi? Since I understand that /proc is a virtual file system I assume it is handled differently from the normal file system.
 
Old 03-23-2006, 09:16 AM   #2
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
/proc is indeed a "pseudo-filesystem". Since it contains information from the kernel's memory, making it accessible to a bunch of users isn't very safe.

What you could try instead is allowing normal users to run the "rescan-scsi-bus.sh" script as if they were root.
This can be accomplished by:
- using sudo and configuring it to allow the script (and only the script) for the users you choose;
- enabling the setUID permission bit on the script and chown'ing it to root. You'll need to make sure that it is in a safe place, like /sbin. Nobody but root may have write access on the directory it's stored in, or any of the directories above that directory (i.e. if you put it in /A/B/C, then only root may have write permission on A, B and C). This is important for security.

A final remark: why would normal users require the possibility to add (or remove) the scanner from the SCSI bus? Installing/uninstalling devices on your machine should be left up to root for safety. You don't allow any normal users to disable your graphics card or network card or anything like that either, so why should the scanner be any different?
 
Old 03-23-2006, 09:59 AM   #3
nx5000
Senior Member
 
Registered: Sep 2005
Location: Out
Posts: 3,307

Rep: Reputation: 57
I know how to do it for usb scanner but not for scsi.
Maybe have a look here:
man sane-scsi
 
Old 03-24-2006, 07:12 AM   #4
oldtincup
LQ Newbie
 
Registered: Mar 2006
Posts: 11

Original Poster
Rep: Reputation: 1
timmeke - Thanks for the suggestion, I will try the setUID. I was told that linux ignores the SUID bit for scripts and only recognizes it for binary executables. But it is certainly worth a try.

I have the scanner drivers installed and configured. But if the scanner is turned off at boot up it will NOT be recognized even after it is turned back on. The script I found above is the only way I have found to recognize the scanner after boot. The scanner is only used occasionally, it would be a waste to leave it on all the time. I don't know about you, but, it seems unreasonable to me for a user to have to reboot the system every time he decides to use a device that didn't happen to be turned on at the time the system was booted. Maybe it is just me, I've been using Windows too long.


nx5000 - I will look into the man page further. It may also have some useful info. Thanks.
 
Old 03-24-2006, 08:12 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Quote: I will try the setUID.
While setting this script setuid root won't matter much (won't work AFAIK), the default defense of using setuid root to overcome "problems" is a bad habit and should be discouraged. Especially in your case where using sudo really is the best option. It isn't that hard and you can even specify users to *not* use a password when executing the script. Just make sure your script and the sudoers entry do not allow users to supply args.

Last edited by unSpawn; 03-24-2006 at 08:14 AM.
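
The two points made above (only root may write anywhere along the script's path, and the sudoers entry should allow no password prompt and no arguments) can be checked and generated as follows. This is an added example, not code posted by anyone in the thread; the group name `scanner` and the install path `/usr/local/sbin/rescan-scsi-bus.sh` are assumptions, and it relies on GNU `stat` and `readlink`.

```shell
#!/bin/sh
# Added example, not code from the thread. Needs GNU stat/readlink (coreutils).

# Print each component of FILE's path (the file and every parent directory up
# to /) that is not owned by OWNER_UID (default 0, root) or that is writable
# by group or others. No output means the path is safe to delegate via sudo.
unsafe_components() {
    p=$(readlink -f -- "$1") || return 2
    owner=${2:-0}
    while :; do
        set -- $(stat -c '%u %A' -- "$p")      # e.g. "0 drwxr-xr-x"
        case $2 in
            ?????w*|????????w*) echo "$p" ;;        # group- or world-writable
            *) [ "$1" = "$owner" ] || echo "$p" ;;  # wrong (or unknown) owner
        esac
        [ "$p" = / ] && break
        p=$(dirname -- "$p")
    done
}

# Print a sudoers rule that lets members of GROUP run SCRIPT as root without a
# password. The trailing "" is sudoers syntax for "no arguments allowed".
# GROUP and SCRIPT are restricted to characters that need no sudoers escaping.
sudoers_entry() {
    case $1 in ''|*[!A-Za-z0-9._-]*) echo "bad group name: $1" >&2; return 1 ;; esac
    case $2 in
        /*) ;;
        *) echo "script path must be absolute: $2" >&2; return 1 ;;
    esac
    case $2 in *[!A-Za-z0-9._/-]*) echo "unsupported character in: $2" >&2; return 1 ;; esac
    printf '%%%s ALL = (root) NOPASSWD: %s ""\n' "$1" "$2"
}

# Typical use as root (group "scanner" and the path are assumptions):
#   unsafe_components /usr/local/sbin/rescan-scsi-bus.sh
#   sudoers_entry scanner /usr/local/sbin/rescan-scsi-bus.sh > /etc/sudoers.d/scanner
#   chmod 0440 /etc/sudoers.d/scanner && visudo -cf /etc/sudoers.d/scanner
```

Users in the group then run `sudo /usr/local/sbin/rescan-scsi-bus.sh` with the full path and no arguments; any other invocation is refused by sudo.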
 
Old 03-24-2006, 09:50 AM   #6
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
You have a point there, unSpawn.
 
Old 03-27-2006, 01:39 PM   #7
oldtincup
LQ Newbie
 
Registered: Mar 2006
Posts: 11

Original Poster
Rep: Reputation: 1
unSpawn - Thanks! I wasn't aware that sudo had the option of not having to enter the password. This looks like a great solution.
 
  

