[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Packages not making it into testing

On Wed, Apr 25, 2001 at 11:57:50PM +1000, Hamish Moffatt wrote:
> Doesn't the user have to belong to the relevant group anyway?
> We already control access to things like floppy drives, sound
> cards etc through groups, so cd burning is another good example.

-rwxr-sr-x    1 root     cdrom      498300 Nov 23 04:37 /usr/bin/xcdrgtk*

The user does not need to be in group cdrom to use it. This _gives_ any user
access to the raw device.

> Why not su/sudo? Well, that would let the user access files they
> can't normally read. Eg burn other users' home directories on
> to a CD. Also, X authority stuff is messy to transfer between
> users.

I don't see how sgid cdrom will help here. Just make it non-sgid, and if
they're a member of group cdrom, they can burn a cd, period. X authority is
easy, just su, don't su -.

-> -/-                       - Rahul Jain -                       -\- <-
-> -\- http://linux.rice.edu/~rahul -=- mailto:rahul-jain@usa.net -/- <-
-> -/- "I never could get the hang of Thursdays." - HHGTTG by DNA -\- <-
   Version 11.423.999.220020101.23.50110101.042
   (c)1996-2000, All rights reserved. Disclaimer available upon request.

Reply to: