Dear Folks, On Mon, Jul 12, 2004 at 10:23:22AM -0400, Geoffrey wrote: > Nick Urbanik wrote: > >Dear Folks, > > > >my Perl program at > >http://ictlab.tyict.vtc.edu.hk/ftp/tarball/make-path-lists.pl seems > >ready to use; I am now backing everything up using it. I still > >haven't finished; I'll let the list know when I have finished my > >complete backup and have tested it successfully. > > > >I have one problem remaining that I hope someone could point me to the > >answer for: > > > >When backing up many files, some of which I do not have read > >permission to access as my ordinary account, is the only way to access > >them to do something like su to root, then run growisofs? > > > >It's just that I don't like using su, but if that's the only way, then > >I'll do it. > > check out sudo. You can set it up so that a specific id can run a > specific command as root. man sudo. I agree that sudo is useful; I wrote this intro to sudo for my students: http://ictlab.tyict.vtc.edu.hk/ossi/lab/sudo/sudo.pdf which includes a picture of a chainsaw, under which I wrote, "Doing everything as root is like cutting bread with a chainsaw." However, Andy wrote in his man page for growisofs in dvd+rw-tools-5.19.4.9.7 that "If executed under sudo(8) growisofs refuses to start." ... #!/bin/ksh unset SUDO_COMMAND export MKISOFS=/path/to/trusted/mkisofs exec growisofs "$@" And there is the answer to my question. Andy is rightly concerned that running growisofs under sudo allows any user with sudo privilege read access to any file in the file system, as well as the right to execute program of their choice with elevated privileges. When the reason for running growisofs with elevated privileges *is* to get read access to any file in the file system, then running it under sudo is fine, as long as the fact that it may run any program instead of mkisofs is taken into account. I had been reading an earlier man page for dvd+rw-tools-5.17.4.8.6 which did not mention this, while running the later version (:-# (embarrassed). -- Nick Urbanik RHCE nicku(at)vtc.edu.hk Proud member of the Dept. of Information & Communications Technology, Home of Visual Paradigm: Jolt Productivity Award winner, programmed by our own graduates! Tel: (852) 2436 8576 Fax: (852) 2436 8526 GPG: 7FFA CDC7 5A77 0558 DC7A 790A 16DF EC5B BB9D 2C24 ID: BB9D2C24
Attachment:
pgpQDDMJF0PEx.pgp
Description: PGP signature