Re: k3b cdrecord
On Monday 12 January 2004 01:35, Hendrik Sattler wrote:
> > Here's what I think should happen on installation of k3b:
> > - If permissions and group of programs used by k3b
> > (cdrecord, cdrdao, ...) are not suitable, ask if they should be
> > changed to appropriate values (group cdrom, but which permissions
> > exactly?).
> > - If allowed, apply the changes using dpkg-statoverride.
>
> Don't do this to other program because either:
> 1. They are a debian packages and a user friendly but secure setup
> should be done by its maintainer.
Then my suggestions don't apply to the k3b package, but to cdrecord and
cdrdao. From a quick glance at the postinst files, I found that
cdrecord already allows to setup the programs so that members of group
cdrom can use them. cdrdao currently doesn't do this.
> > - Display a list of users (whose home dirs are in /home) and allow
> > to add them to group cdrom. This list should also be shown when
> > upgrading and the list of users has changed. Notify that users
> > added latter may have to be added to group cdrom manually.
>
> In Debian, this is _not_ done for the following groups:
> dialout - to dial out with a modem
> audio - to play audio files
> video - to use DRI
> ...
>
> Installing xmms will not fiddle with group "audio".
> Why exactly should be done for group "cdrom"?
At least users need to be informed about the required group membership.
I don't yet see why they should not be given an option to change it
there and then.
> > I think(!) these are the required permissions and group
> >
> > root cdrom 4750 /usr/bin/cdrecord
>
> Are you sure that this script needs to be setuid root? It is not the
> real binary.
True, it doesn't have to be, but in its current incarnation k3b checks
for this. Effectively, only the cdrecord.* binaries need to be suid
root, but k3b doesn't know about them and thus can't check them. Should
it just assume they're setup appropriately?
Michael
--
Michael Schuerig Life is just as deadly
mailto:michael@schuerig.de as it looks.
http://www.schuerig.de/michael/ --Richard Thompson, "Sibella"
Reply to: