On Friday 27 January 2012 19:18:07 Samuli Suominen wrote: > On 01/28/2012 02:14 AM, Mike Frysinger wrote: > > along these lines, why is cdrtools set*id ? if we have a "cdrom" group, > > and we assign our cdroms/dvdroms to that group, then we already have > > access control in place and can skip the set*id. > > cdrtools can't probe the drives without the binary being setuid, or the > user belonging to the 'disk' group (and even that is not enough in some > cases if the permissions vary)
the drives are owned by the "cdrom" group and have group +rw. so if the user is in the "cdrom" group, why can't they probe the drives ? "disk" owns the non-removable hard drives. $ ls -l /dev/sr0 /dev/sg0 /dev/sg6 crw-rw---- 1 root disk 21, 0 Jan 6 23:07 /dev/sg0 crw-rw---- 1 root cdrom 21, 6 Jan 6 23:07 /dev/sg6 brw-rw---- 1 root cdrom 11, 0 Jan 17 22:28 /dev/sr0 -mike
signature.asc
Description: This is a digitally signed message part.
