[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: allowing a "normal" user to work efficiently

Benedict Verheyen wrote:
2. In case of cd writing, you can set the SUID of cdrecord and related
programs or you can use sudo. Only problem with sudo is that the user
has to type sudo in front of the commands.

dpkg-reconfigure cdrecord, and then set it suid.  Add users to the cdrom
group if you want them to be able to burn cds.  The only thing is that
some people think setting cdrecord suid is a risk.

I have never understood why setting cdrecord suid would be a security
issue. I mean, i can understand that on a file server for instance one
would prefer the sudo method, but on a normal desktop, why wouldn't you
use suid?
I've always wondered.


If the machine is isolated behind a firewall, then you probably have
nothing to worry about.  I think the concern is that cdrecord lets you
remotely access the burning device, which could be trouble on a file
server as you point out.


Attachment: pgpHbu7gy6B1E.pgp
Description: PGP signature

Reply to: