On 08/07/2006 02:39 PM, Glenn English wrote:
José Alburquerque wrote:
My problem is that I'd like cdrecord not to have the SUID set (the 's'
in '-rwsr-xr--' above). I'm not sure this is possible, but if it is and
someone out there knows, I'd really appreciate it! I'm running testing
(etch).
Me too etch. With an ATAPI burner.
I fought with this for a while and found the real problem to be permissions
on the /dev file.
No, that isn't it.
On my system, the permissions on the burner (/dev/hdc) are rw for the
group (cdrom) (cdrecord isn't SUID root). Then add vanilla users to the
cdrom group.
I find it hard to believe that this works. I tried that too
and discovered that running cdrecord SUID root is a
requirement; cdrecord uses privileged IOCTLS (whatever they are).
If you want to do it without the extra group, just make the burner world
write-able. I don't see how a cracker could get much mileage out of that...
The user won't get much mileage out of it either. Sudo is the
only alternative to making cdrecord SUID root.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
