On Tue, Aug 08, 2006 at 12:49:27PM -0400, José Alburquerque wrote:
The setuid-root sollution (give only the group executable rights, make it
suid root), please note that this is a security risk - you have been
warned):
1) create a group and add users as above
2) remove world executable from cdrecord ("chmod o-x /usr/bin/cdrecord")
3) make cdrecord setuid root ("chown root /usr/bin/cdrecord; chmod u+s
/usr/bin/cdrecord")
4) make the group of cdrecord the newly created group ("chgrp cdburn
/usr/bin/cdrecord")
Now, only users in the cdburn group can execute cdrecord, and it will be
executed with root priviligies.
Don't forget to use dpkg-statoverride to set the permissions. Otherwise,
the permissions will revert when up upgrade the cdrecord package.
Also be CAREFUL. On my system, /usr/bin/cdrecord is a SHELL SCRIPT, and
SUID-root shell scripts are a big security hole, IIRC. You probably want
to set the permissions on /usr/bin/cdrecord.mmap.
--
Dwayne C. Litzenberger <[EMAIL PROTECTED]>
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
