Re: CD burning and root

On Fri, Dec 20, 2002 at 03:09:49AM -0500, Alexander Larsson wrote:
> On Thu, 19 Dec 2002 textshell neutronstar dyndns org wrote:
> > On Thu, Dec 19, 2002 at 03:55:05AM -0500, Alexander Larsson wrote:
> > > On 18 Dec 2002, Andrew Sobala wrote:
> > > 
> > > > Is there a way to give the application root permissions yet allow it to
> > > > access a user's burn:/// folder? Does this need to be implemented in the
> > > > code itself? It really needs to be addressed before it becomes a viable
> > > > CD burning utility (I know it's still alpha), and could something that
> > > > needs addressing at a lower level in GNOME.
> > > 
> > > You need to give the user write access to the cd writer device. This can 
> > > be done in various ways, on pam-based distros it typically will be done 
> > > using console.perms. 
> > > 
> > 
> > Hmm, I think this kind of stuff (write permission to generic scsi devices) is
> > quite distro and site specific and potentially also dangerous. So i would
> > appreciate if we could have a (documented) way for root to burn stuff for the
> > users. If you feel that is a option that just works around solveble problems
> > just document the right way, but I'm almost completly sure that there are good
> > reasons for a system administrator not to allow user access to the cd recorder.
> Exactly what do you want? You can easily tell the user to burn to an iso 
> using nautilus-cd-burner, and then root can burn it. Or do you want the 
> user to launch cdrecord as root after typing in the password? That strikes 
> me as more dangerous then having access to the cd scsi device.
> Anyway, I'd love to hear other ideas how this can be handled. Possible 
> solutions i know of are:
> consoles.perms, making a cdwriter group, setuid or setguid cdrecord.

My idea is that root or someone with enough permissons can just open another
users burn:/// folder and use the normal nautilus-cd-burner user interface. That
would ease things for the admins/sysops that don't really know much about Linux
/ Gnome etc. but just have to get their work done.

That is IMHO what Andrew Sobala asked for: Some way for root the see a normal
users burn:///. This way the admin can easyly check what's written to the CD and
my do somechanges.

Martin H.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]