On 08/07/2006 02:39 PM, Glenn English wrote:
José Alburquerque wrote:
My problem is that I'd like cdrecord not to have the SUID set (the 's' in '-rwsr-xr--' above). I'm not sure this is possible, but if it is and someone out there knows, I'd really appreciate it! I'm running testing (etch).
Me too etch. With an ATAPI burner.
I fought with this for a while and found the real problem to be permissions on the /dev file.
No, that isn't it.
On my system, the permissions on the burner (/dev/hdc) are rw for the group (cdrom) (cdrecord isn't SUID root). Then add vanilla users to the cdrom group.
I find it hard to believe that this works. I tried that too and discovered that running cdrecord SUID root is a requirement; cdrecord uses privileged IOCTLS (whatever they are).
If you want to do it without the extra group, just make the burner world write-able. I don't see how a cracker could get much mileage out of that...
The user won't get much mileage out of it either. Sudo is the only alternative to making cdrecord SUID root.