Re: CD burning and root

From: Alexander Larsson <alexl redhat com>
To: textshell neutronstar dyndns org
Cc: desktop-devel-list gnome org
Subject: Re: CD burning and root
Date: Fri, 20 Dec 2002 15:15:12 -0500 (EST)

On Fri, 20 Dec 2002 textshell neutronstar dyndns org wrote:

> On Fri, Dec 20, 2002 at 03:09:49AM -0500, Alexander Larsson wrote:
> > On Thu, 19 Dec 2002 textshell neutronstar dyndns org wrote:
> > 
> > > On Thu, Dec 19, 2002 at 03:55:05AM -0500, Alexander Larsson wrote:
> > > > On 18 Dec 2002, Andrew Sobala wrote:
> > > > 
> > > > > Is there a way to give the application root permissions yet allow it to
> > > > > access a user's burn:/// folder? Does this need to be implemented in the
> > > > > code itself? It really needs to be addressed before it becomes a viable
> > > > > CD burning utility (I know it's still alpha), and could something that
> > > > > needs addressing at a lower level in GNOME.
> > > > 
> > > > You need to give the user write access to the cd writer device. This can 
> > > > be done in various ways, on pam-based distros it typically will be done 
> > > > using console.perms. 
> > > > 
> > > 
> > > Hmm, I think this kind of stuff (write permission to generic scsi devices) is
> > > quite distro and site specific and potentially also dangerous. So i would
> > > appreciate if we could have a (documented) way for root to burn stuff for the
> > > users. If you feel that is a option that just works around solveble problems
> > > just document the right way, but I'm almost completly sure that there are good
> > > reasons for a system administrator not to allow user access to the cd recorder.
> > 
> > Exactly what do you want? You can easily tell the user to burn to an iso 
> > using nautilus-cd-burner, and then root can burn it. Or do you want the 
> > user to launch cdrecord as root after typing in the password? That strikes 
> > me as more dangerous then having access to the cd scsi device.
> > 
> > Anyway, I'd love to hear other ideas how this can be handled. Possible 
> > solutions i know of are:
> > consoles.perms, making a cdwriter group, setuid or setguid cdrecord.
> > 
> 
> My idea is that root or someone with enough permissons can just open another
> users burn:/// folder and use the normal nautilus-cd-burner user interface. That
> would ease things for the admins/sysops that don't really know much about Linux
> / Gnome etc. but just have to get their work done.
> 
> That is IMHO what Andrew Sobala asked for: Some way for root the see a normal
> users burn:///. This way the admin can easyly check what's written to the CD and
> my do somechanges.

I plan to eventually write a companion app the copies disk-to-disk and 
iso-to-disk. With that written the user could just use n-c-b to generate 
the iso and root could do the iso-to-disk using the other app.

-- 
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 Alexander Larsson                                            Red Hat, Inc 
                   alexl redhat com    alla lysator liu se 
He's a notorious zombie vampire hunter with acid for blood. She's a 
mistrustful bisexual hooker with a flame-thrower. They fight crime!

Follow-Ups:
- Re: CD burning and root
  - From: Michael Thomas Vanderford

References:
- Re: CD burning and root
  - From: textshell

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]