Re: CD burning and root



On Thu, 19 Dec 2002 textshell neutronstar dyndns org wrote:

> On Thu, Dec 19, 2002 at 03:55:05AM -0500, Alexander Larsson wrote:
> > On 18 Dec 2002, Andrew Sobala wrote:
> > 
> > > After the previous CD burning discussion, I tried the nautilus CD
> > > burner.
> > > 
> > > On my RH8 system, you need root access to burn a CD. This could be
> > > changed, but is fairly standard.
> > > 
> > > If I put files in burn:///, then start up nautilus-cd-burner as root, it
> > > doesn't see any files to burn (presumably burn:/// is user specific and
> > > root cannot access my burn:/// folder). Starting it up using PAM doesn't
> > > work either, presumably because PAM starts the application as root.
> > > (Starting it up as myself works, but I can only make ISOs.)
> > > 
> > > Is there a way to give the application root permissions yet allow it to
> > > access a user's burn:/// folder? Does this need to be implemented in the
> > > code itself? It really needs to be addressed before it becomes a viable
> > > CD burning utility (I know it's still alpha), and could something that
> > > needs addressing at a lower level in GNOME.
> > 
> > You need to give the user write access to the cd writer device. This can 
> > be done in various ways, on pam-based distros it typically will be done 
> > using console.perms. 
> > 
> 
> Hmm, I think this kind of stuff (write permission to generic scsi devices) is
> quite distro and site specific and potentially also dangerous. So i would
> appreciate if we could have a (documented) way for root to burn stuff for the
> users. If you feel that is a option that just works around solveble problems
> just document the right way, but I'm almost completly sure that there are good
> reasons for a system administrator not to allow user access to the cd recorder.

Exactly what do you want? You can easily tell the user to burn to an iso 
using nautilus-cd-burner, and then root can burn it. Or do you want the 
user to launch cdrecord as root after typing in the password? That strikes 
me as more dangerous then having access to the cd scsi device.

Anyway, I'd love to hear other ideas how this can be handled. Possible 
solutions i know of are:
consoles.perms, making a cdwriter group, setuid or setguid cdrecord.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a scarfaced amnesiac hairdresser who dotes on his loving old ma. She's a 
brilliant cigar-chomping detective who don't take no shit from nobody. They 
fight crime! 




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]