Am Sonntag, 11. Januar 2004 22:23 schrieb Michael Schuerig:
> On Sunday 11 January 2004 21:08, Jean-Michel Kelbert wrote:
> > I will do some modification to this package next week.
> > (First I have a blog to setup, and I want to contact the maintenair
> > so that Debian modifications can be integrated in the upstream
> > sources.)
> >
> > Please send me what you intend for this package :
> > -debconf configuration
>
> I'm writing on-list so others can correct me if I'm mistaken. Here's
> what I think should happen on installation of k3b:
>
> - Find out which devices are related to CD writers and readers.
Why exactly?
> - If they're not already, ask if their group should be set to cdrom.
> - If permissions and group of programs used by k3b (cdrecord,
> cdrdao, ...) are not suitable, ask if they should be changed to
> appropriate values (group cdrom, but which permissions exactly?).
If they run as setuid root (cdrecord needs that anyway), why bother changing
the device files. With hotpluggable devices, this will mostly (!) be wrong
anyway. If I plug in an USB-CD-Writer than the whole setup doesn't gain you
anything (except when also having an apropriate hoplug script).
> - If allowed, apply the changes using dpkg-statoverride.
Don't do this to other program because either:
1. They are a debian packages and a user friendly but secure setup should be
done by its maintainer.
or
2. They were not installed as a package and the admin is responsible of doing
it correctly.
If you can work from a console with the program (by having the user in the
correct group) then k3b should work correctly, too. Any test that fails
although everything work correctly should be removed or fixed.
> - Display a list of users (whose home dirs are in /home) and allow to
> add them to group cdrom. This list should also be shown when upgrading
> and the list of users has changed. Notify that users added latter may
> have to be added to group cdrom manually.
In Debian, this is _not_ done for the following groups:
dialout - to dial out with a modem
audio - to play audio files
video - to use DRI
...
Installing xmms will not fiddle with group "audio".
Why exactly should be done for group "cdrom"?
> I think(!) these are the required permissions and group
>
> root cdrom 4750 /usr/bin/cdrecord
Are you sure that this script needs to be setuid root? It is not the real
binary.
> root cdrom 4710 /usr/bin/cdrecord.shm
> root cdrom 4710 /usr/bin/cdrecord.mmap
> root cdrom 4710 /usr/bin/readcd
> root cdrom 4710 /usr/bin/cdrdao
Currently, they are
$ ls -l /usr/bin/cdrecord*
-rwsr-xr-- root cdrom /usr/bin/cdrecord
-rwsr-xr-- root cdrom /usr/bin/cdrecord.mmap
-rwsr-xr-- root cdrom /usr/bin/cdrecord.shm
Those are not the most restrictive settings, though, but the cdrecord package
already does it right.
> /usr/bin/cdrecord is a shell script and thus apparently has to be group
> readable in order to be group executable.
Correct.
> > -"improve" k3bsetup2
> > -both ? : Maybe it would be the solution.
>
> k3bsetup2 doesn't fit in well with a debian setup. That said, I'd feel
> uneasy just leaving it out. Some suggestions
I'd leave it out of the package. It is surely not needed in a correctly
working distribution. Actually, k3b _should_ find everything working (except
the user not being in the correct group).
HS
--
Mein GPG-Key ist auf meiner Homepage verfügbar: http://www.hendrik-sattler.de
oder über pgp.net
PingoS - Linux-User helfen Schulen: http://www.pingos.org
Attachment:
pgpizK_5VvmwT.pgp
Description: signature