Re: Mount CD/DVD and playback DVD as normal user

Wed, 13 Nov 2013 13:35:51 -0800 

Am Mon, 11 Nov 2013 22:08:20 +0000
schrieb Laurence Rochfort <laurence.rochf...@gmail.com>:

> Hello,
> 
> I'm trying to configure my laptop so that a normal user may mount a
> CD/DVD or playback a DVD in Xine.
> 
> So far I've just put an entry in /etc/fbtab. /cdrom permissions look
> OK, but the devices themselves less so.
> 
> What are the consequences of putting myself in the operator group?
> Where can I find a description of those groups?
> 
> Advice greatly appreciated.
> 
> Cheers,
> Laurence.
> 
> drwxr-xr-x   2 root  wheel      512 Nov  8 14:29 cdrom
> 
> brw-r-----  1 root  operator    6,   0 Nov  8 14:13 /dev/cd0a
> brw-r-----  1 root  operator    6,   2 Nov  8 14:13 /dev/cd0c
> brw-r-----  1 root  operator    6,  16 Nov  8 14:13 /dev/cd1a
> brw-r-----  1 root  operator    6,  18 Nov  8 14:13 /dev/cd1c
> crw-r-----  1 root  operator   15,   0 Nov  8 14:13 /dev/rcd0a
> crw-r-----  1 root  operator   15,   2 Nov  8 14:13 /dev/rcd0c
> crw-r-----  1 root  operator   15,  16 Nov  8 14:13 /dev/rcd1a
> crw-r-----  1 root  operator   15,  18 Nov  8 14:13 /dev/rcd1c
> 
> #       $OpenBSD: fbtab.head,v 1.2 1999/05/05 06:56:34 deraadt Exp $
> # login(1) reads this file to determine which devices should be
> chown'd to # the new user. Format is:
> # login-tty     perm    device:[device]:...
> /dev/ttyC0      0600
> /dev/console:/dev/wskbd:/dev/wskbd0:/dev/wsmouse:/dev/wsmouse0:/dev/ttyCcfg
> /dev/X0         0600    /dev/wsmouse:/dev/wsmouse0
> # samples
> #/dev/ttyC0     0600    /dev/fd0
> /dev/ttyC4      0755    /dev/cd0a:/dev/rcd0c
> 

Hi Laurence,

as this is your own laptop - is your unprivileged user added to
sudoers? This is how I manage to handle mounting CDs:

~~~~~~~~~~~~~~~
$ cat /etc/fstab  grep cd 
/dev/cd0a /cdrom cd9660 ro,noauto 0 0   # read only
/dev/cd0c /dvd cd9660 rw,noauto 0 0     # for burning CDs/DVDs

$ sudo cat /etc/sudoers | grep NOPASSWD
%wheel  ALL=(ALL) NOPASSWD: SETENV: ALL
~~~~~~~~~~~~~~~

The "inconvenience" is that I always have to mount it with "sudo"
prepended. You might as well restrict the allowed actions to just a few
commands, e.g. 'mount'. See man sudoers

As I do not share the laptop with others I can live with any
theoretical issues that might go along with this setting. If s.o. gets
physical access to the laptop I am in trouble anyway...

Cheers,
STEFAN



Mit freundlichen Grüßen,

STEFAN WOLLNY

Regulatory Reporting Consultancy
Tel.: +49 (0) 177 655 7875
Fax.: +49 (0) 3212 655 7875
Mail: ste...@wollny.de
GnuPG-Key ID: 0x9C26F1D0

Reply via email to