Re: CD burning without root priviligdes
-----BEGIN PGP SIGNED MESSAGE-----
Am Mittwoch, 13. November 2002 14:39 schrieb Michael Schuerig:
> You, as a user wanting to burn CDs, don't need any root privileges. The
> kernel is just fine. As is cdrecord. Your distribution (debian) or your
> administrator (that may be yourself) has to configure things properly
> and everything works just fine with ordinary user privileges. This may
> mean, that some programs have to run setuid root. That's not radically
> different from what's happening with other packages.
Yes, an "addgroup <user> cdrom" is enough to make it work. But you do not
really want that to users,you cannot trust ultimately, because suid-root in
this case allows it to specify anything as dev= in cdrecord command line:
overwriting any scsi device is nice for harmful things...
The thing for cdrecord is, that it cannot use /dev/<something> but needs
really raw access to the device (I hope this to come in kernel 2.6) because
the sg* devices do not allow this. THATs the reason why it has to be
setuid-root and it is really a kernel thing to change that. Using ATAPI-CDRWs
is already possible (special kernel versions and a cdrecord patch is needed
On-top-of-cdrecord programs like XCD-Roast then approach the whole thing
wrong: there is no need for them to be setuid-root when the cdrecord binary
already is. But as this is not always the case (see above why maybe not),
again they have to have root rights to call cdrecord.
After all, the situation is there due to a lack of kernel abilities.
Mein GPG-Key ist auf meiner Homepage verfügbar: http://www.hendrik-sattler.de
oder über pgp.net
PingoS - Linux-User helfen Schulen: http://www.pingos.schulnetz.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.0 (GNU/Linux)
-----END PGP SIGNATURE-----