SANE Network Scanning

Document and image scanners have become an integral part of many offices. With a scanner, you can quickly digitize photos, diagrams, and even textual documents for electronic alteration and distribution.

Document and image scanners have become an integral part of many offices. With a scanner, you can quickly digitize photos, diagrams, and even textual documents for electronic alteration and distribution.

Unfortunately, scanners are bulky devices, and for many offices, the demand for scanner use doesn’t justify placing one on every desktop. For this reason, scanners are often a shared resource. Frequently, an office will set aside a single computer as a sort of scanner station: a user walks to this system, scans his or her documents on it, and transfers the scans back to his or her desktop. This configuration has its problems, though — the file transfer process is klunky, and if there’s no spare computer to dedicate to this function, the user whose computer hosts the scanner may be inconvenienced by others’ scanning needs.

Linux’s scanning software, Scanner Access Now Easy (or SANE, http://www.sane-project.org), offers an alternative: network scanning. Like network printing, network scanning enables many computers to access a single scanner as if it were attached locally. Configuring network scanning takes more effort than setting up scanning on a single computer, but the benefits are worthwhile, particularly if your scanner is physically close enough to computers on your network to make feeding documents while sitting at any of the computers convenient.

Understanding the SANE Architecture

SANE is an unusual package. It’s a series of programs that implement and use an API for scanner access. SANE is composed of three types of software components: back-ends are the drivers that control access to the scanner; middleware or meta back-ends implement the SANE API; and front-ends are programs that a user runs to perform a scan.

The back-ends and middleware both reside on the server system, and the front-ends reside on the client. Depending upon your configuration, you can have multiple middleware components. One important middleware component is a server, known as saned, which responds to network requests from front-ends on other systems.

Installing SANE

Most Linux distributions ship SANE either as a monolithic package (typically called sane) or as two packages (sane-frontends and sane-backends). To use SANE in a network environment, you’ll need to install the software on the server and all the clients. You may be able to get away with installing only the sane-backends package on the server, but the client requires both packages, if your distribution splits them up in this way.

Because SANE implements an API that can theoretically be used by any program, various scanning front-ends that are not technically part of SANE are also available. The most notable examples are xsane (http://www.xsane.org), which is a good GUI scanning front-end, and Kooka (http://www.kde.org/apps/kooka), which is a SANE-enabled scanning tool designed for KDE. SANE front-ends for non-Linux systems, including Windows, are also available. Consult http://www.sane-project.org/sane-frontends.html for links to many of these programs.

Configuring Basic Scanner Settings

Configuring the scanning server computer requires configuring the hardware, any low-level drivers required by the hardware, the SANE back-ends, the device interface files, and the saned middleware. Each of these components poses its own unique challenges.

Hardware configuration depends greatly on the scanner’s model and type. In some cases, you must install a card (such as a SCSI adapter) in your computer. (Many SCSI scanners ship with cheap SCSI adapters for which no Linux drivers are available. If you have such a scanner, you may need to buy a Linux-compatible SCSI host adapter.)

Some scanners have power switches, but others don’t. If yours has such a switch, be sure it’s turned on. Some scanners also have switches to lock the scanning mechanism during shipment. Be sure such a switch, if present, is set to its operating position before attempting to use the scanner.

SANE relies upon Linux kernel drivers to access the scanner hardware. These drivers are fairly generic and exist for broad classes of scanners: SCSI scanners require a driver for your specific SCSI host adapter and the SCSI generic sg driver; USB scanners require basic USB support, support for your USB interface type (OHCI, UHCI, or EHCI), and the USB scanner driver; and parallel-port scanners interface via the parallel port, and these need the Linux parport and parport_pc drivers.

In all cases, you should ensure that your drivers are loaded, either by compiling them directly into the kernel or by loading the kernel modules. Most Linux distributions configure themselves such that these drivers load automatically when required, so you may want to skip ahead to other matters and come back to driver configuration only if you have problems.

SANE back-ends are distinct from kernel drivers, but they’re drivers of another sort. They’re configured via the /etc/sane.d /dll.conf file. This file contains a list of driver names, such as mustek or umax1220u, one to a line. When SANE tries to access a scanner, it looks to this file and tries to locate every scanner listed in this file. Some Linux distributions ship their SANE packages with the entries in this back-end list commented out with hash marks (#); others ship with all of the entries available. You should definitely check the list and ensure that your back-end is listed. Leaving back-ends you don’t use enabled may slow down scanner detection, but shouldn’t cause serious problems. If you’re not sure what back-end to use, consult the list of scanners supported by SANE at http://www.sane-project.org/sane-supported-devices.html.

In addition to the /etc/sane.d/dll.conf file, other files in this directory provide options for specific scanners. Files are named after the drivers they control, as in umax1220u.conf for the umax1220u driver. In most cases, you should leave these files alone. However, sometimes you may need to tweak a setting in your back-end configuration file, such as changing a device filename for your system.

The device filename is critically important. In most cases, the easiest way to find it is to type sane-find-scanner as root. This command should return a list of scanners on the system, including their device filenames, such as /dev/usb/ scanner0. Sometimes the system will report two or more device filenames for a single scanner, because of symbolic links or duplicate device files. This condition isn’t a problem, although users might be confused by the duplicate listings.

Unfortunately, sane-fine-scanner doesn’t always succeed. Sometimes it fails because kernel drivers or SANE back-ends aren’t loaded. The utility can’t detect parallel-port scanners at all, and when run on a SANE network client, it won’t find scanners connected to network servers.

To limit access to the scanner device, you should give ownership of the device file to a particular user or group, and ensure that only that user or group can access the file. (SANE requires read/write access to function at all.) Here, we’ll use the saned user and saned group as an example, but you can use another user and group if you prefer. Of course, the user and group must exist, so you may need to create them.

Another tool to detect and verify basic scanner operation is scanimage. This is actually a simple text-mode SANE front-end, but it usually ships in the back-end package. Type scanimage -L to obtain a list of scanners. scanimage yields something like this:

device `umax1220u:/dev/usb/scanner0′
is a UMAX Astra 1220U flatbed scanner

This output lists the scanner’s device name, umax1220u: /dev/usb/scanner0. This device name contains a Linux device filename (/dev/usb/scanner0), but is preceded by a SANE back-end name (umax1220u). Local SANE applications that access the scanner use the device name. If you like, you can test your scanner locally using a tool such as XSane.

Configuring saned

To configure the SANE network server, you should first edit /etc/sane.d/saned.conf. This file contains a list of IP addresses or hostnames, one per line, that may access the saned server. Add one entry for each client that should be able to access the server, as in:


The saned daemon is fairly simple in its security measures: any user on the listed systems can use the scanner. Although saned gives limited access to the computer, for best security, you should use redundant controls — use TCP Wrappers, xinetd settings, or firewalls to limit access to the SANE port.

Once you’ve set up basic security, you should ensure that an appropriate entry for the SANE port number is present in /etc/services:

sane 6566/tcp # SANE network scanner access

The saned server is designed to be run from a super server. If your system uses inetd, you should add a line like the following to /etc/inetd.conf:

sane stream tcp nowait saned.saned
/usr/sbin/saned saned

(The line is split across two lines because of publishing line-length limits, but it should be one line in the /etc/inetd.conf file.) This example runs the saned server as the user saned and group saned, but you may want to change this detail. You might also change /usr/sbin/saned to /usr/sbin/tcpd to apply TCP Wrappers security controls. If your system uses xinetd, you must create a file in /etc/xinetd.d that contains equivalent information:

service sane
disable = no
socket_type = stream
protocol = tcp
wait = no
user = saned
group = saned
server = /usr/sbin/saned

Whether your system uses inetd or xinetd, you must then restart or reload the super server. On most distributions, you can do this by typing a command like /etc/rc.d/init.d /xinetd reload. You may need to omit the rc.d portion of the path or change the server name, depending upon your distribution. Sometimes the reload option isn’t enough, so you may need to issue a restart command instead.

At this point, the saned server should be up and running. You need only configure the SANE clients to access this server.

Configuring the Scanning Clients

SANE network client configuration is similar to configuring a SANE driver: You must edit the /etc/sane/dll.conf file on the client system to tell it what SANE device to use. In the case of a SANE network client, though, the SANE device isn’t a local scanner, but the SANE network server. This device is indicated by the name net in the dll.conf file. To reduce SANE front-end startup times, you may want to remove other devices from the dll.conf file; a file consisting only of a single line with net on it should suffice.

The SANE net back-end is configured via /etc/sane.d/ net.conf. Unlike most back-ends, this one requires configuration for your network. Specifically, this file consists of a series of lines, each of which holds the hostname or IP address of a computer running a SANE server. On a small network with just one scanner, the file will contain just one entry.

After you configure the client, you should test the configuration by typing scanimage -L as you did on the SANE server computer. (You should be able to run this command as an ordinary user on the client.) The result should be similar to the result on the server, but the scanner device name will begin with net and include the server’s hostname (scan in this example):

device `net:scan:umax1220u:/dev/usbscanner’
is a UMAX Astra 1220U flatbed scanner

If this step fails but the same command works when run on the server, check these potential problem spots first:

* SUPER SERVER CONFIGURATION. Be sure the super server is configured correctly. Try using a telnet client to connect to the SANE port. (Checking with telnet also verifies that you can at least get through to the server.)

* MACHINE IDENTIFICATION. Check the /etc/sane.d/ saned.conf file on the server to be sure the client is authorized to connect. Check the /etc/sane.d/net.conf file on the client to be sure the server is listed as a target system. Check that the net back-end is in /etc/sane.d/dll.conf on the client.

* DEVICE PERMISSIONS. Be sure that at least one scanner device file grants both read and write permissions to the user or group you specify in your super server configuration.

Using SANE Clients

Figure One: Many SANE applications provide a variety of scanning options

If the scanimage -L command run on the client returns the name of the scanner on the server, you should be able to scan images across the network. The XSane program is a good basic scanning tool. When you launch it, the program may ask you to select which scanner to use. (If your server detected the same scanner via multiple device files, which one you choose is unimportant.) You’ll then see a series of windows similar to those shown in Figure One.

Typically, you’ll want to preview your document before scanning it. Click “Acquire Preview” in the Preview window to do this. You can then select the area you want to scan using click-and-drag. Select the target (that is, view the document, save it to disk, and so on) in the XSane Mode option in the window in the upper-left corner of Figure One. Adjust the resolution, gamma, brightness, and contrast values. (The precise options available depend on your scanner, so what you see may not precisely match what’s shown in Figure One.) To perform the actual scan, click the “Scan” button in the (upper-left of the) main window.

Most networks provide sufficient speed to make network scanning as fast as local scanning. If the scanner is in close proximity to multiple computers, as in a scanner in a small office occupied by two or three people, the network scanning features of SANE can be extremely convenient. Even if the scanner’s a few yards away from users, network scanning can be a good way to minimize resource requirements, provided users don’t need to frequently scan multi-page documents.

Roderick W. Smith is the author or co-author of twelve books, including
Advanced Linux Networking and Linux Power Tools. He can be reached at rodsmith@rodsbooks.com.

Comments are closed.