On Thu, 2003-11-27 at 11:28, H S wrote: > > On Wed, 2003-11-26 at 18:34, H S wrote: > > --snip-- > > > Next, for some reason, "eject" command is also root only? How do I > > > make normal user also be able to use that as well? > > > > The easiest way is to make the eject binary SUID root. (man chmod > for > > more info) Note that making ANYTHING SUID root is generally a bad > idea. > > But if you're more interested in ease of use than security per se, > then > > it gets the job done. I've been doing that on a couple of my systems > for > > over a year now and have yet to have anyone try to exploit it in any > > way. --snip-- > hmm .. so a normal user by default cannot open/close the CD trays > using eject command. I kind of don't understand, then what is the use > of this restriction since anyone can open a tray from the 'eject' > button on the drive? (CCing debian-user on this for the benefit of future searches. Please keep any replies on-list as well) This is because the Linux security model is based primarily after old Unix systems. Systems where many users would log onto a machine remotely while the machine was kept in a locked up room with very restricted access. So very few people could actually push buttons on the machine. Coincidentally, since you had been asking about using the eject command for a CD-ROM drive, have you checked the permissions on the device? Check to make sure that the "cdrom" group has write permissions to the device and to make sure you are a member of the cdrom group. The only device that I've found I need to use eject as SUID root for is my zip drive. Both of my CD-ROM drives are working just fine. -- Alex Malinovich Support Free Software, delete your Windows partition TODAY! Encrypted mail preferred. You can get my public key from any of the pgp.net keyservers. Key ID: A6D24837
Attachment:
signature.asc
Description: This is a digitally signed message part