
Re: k3b cdrecord



On Monday 12 January 2004 01:35, Hendrik Sattler wrote:

> > Here's what I think should happen on installation of k3b:

> > - If permissions and group of programs used by k3b
> > (cdrecord, cdrdao, ...) are not suitable, ask if they should be
> > changed to appropriate values (group cdrom, but which permissions
> > exactly?).

> > - If allowed, apply the changes using dpkg-statoverride.
>
> Don't do this to other programs because either:
> 1. They are Debian packages and a user-friendly but secure setup
> should be done by their maintainer.

Then my suggestions don't apply to the k3b package, but to cdrecord and 
cdrdao. From a quick glance at the postinst files, I found that 
cdrecord already allows setting up the programs so that members of group 
cdrom can use them. cdrdao currently doesn't do this.


> > - Display a list of users (whose home dirs are in /home) and allow
> > to add them to group cdrom. This list should also be shown when
> > upgrading and the list of users has changed. Notify that users
> > added later may have to be added to group cdrom manually.
>
> In Debian, this is _not_ done for the following groups:
> dialout - to dial out with a modem
> audio - to play audio files
> video - to use DRI
> ...
>
> Installing xmms will not fiddle with group "audio".
> Why exactly should it be done for group "cdrom"?

At least users need to be informed about the required group membership. 
I don't yet see why they should not be given an option to change it 
there and then.


> > I think(!) these are the required permissions and group
> >
> > root cdrom 4750 /usr/bin/cdrecord
>
> Are you sure that this script needs to be setuid root? It is not the
> real binary.

True, it doesn't have to be, but in its current incarnation k3b checks 
for this. Effectively, only the cdrecord.* binaries need to be suid 
root, but k3b doesn't know about them and thus can't check them. Should 
it just assume they're set up appropriately?


Michael

-- 
Michael Schuerig                              Life is just as deadly
mailto:michael@schuerig.de                              as it looks.
http://www.schuerig.de/michael/        --Richard Thompson, "Sibella"
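
A read-only audit of the ownership and mode proposed in the message above (root cdrom 4750), added here as an example; it is not part of the original post, of k3b, or of any Debian package. The function names are hypothetical and `stat -c` assumes GNU coreutils. It also reports a setuid bit on a `#!` wrapper script, the case questioned in the thread; Linux ignores setuid on interpreted scripts, so the bit there grants nothing.

```shell
#!/bin/sh
# Added example: check burning tools against "root cdrom 4750" without changing anything.
# Helper names are hypothetical; defaults are the values quoted in the thread.

# perm_state PATH [OWNER GROUP MODE] -> prints ok | mismatch | missing
perm_state() {
    path=$1; owner=${2:-root}; group=${3:-cdrom}; mode=${4:-4750}
    [ -e "$path" ] || { echo missing; return 0; }
    actual=$(stat -c '%U %G %a' "$path")    # owner, group, octal mode
    if [ "$actual" = "$owner $group $mode" ]; then
        echo ok
    else
        echo mismatch
    fi
}

# suid_script PATH -> exit status 0 if PATH is setuid AND starts with "#!"
suid_script() {
    [ -u "$1" ] || return 1
    [ "$(head -c 2 "$1")" = '#!' ]
}

# audit PATH... -> one report line per path
audit() {
    for p in "$@"; do
        state=$(perm_state "$p")
        note=
        if suid_script "$p"; then
            note=' (setuid on a script: kernel ignores it, check the real binary)'
        fi
        printf '%s: %s%s\n' "$p" "$state" "$note"
    done
}

# Stand-alone use: sh audit.sh /usr/bin/cdrecord /usr/bin/cdrecord.* /usr/bin/cdrdao
if [ $# -gt 0 ]; then
    audit "$@"
fi
```

Where a mismatch should be corrected persistently, the thread's suggested mechanism is `dpkg-statoverride`, which records the override so package upgrades keep it.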


