On 28-Nov-01 Sam Halliday wrote: > but is it still ok for me to install cdrecord normally (not superuser id'd) > and allow priveledged users the ownership of the relevant /dev/sg devices?
It would also be ok to only set suid (i.e. chmod 47xx) without setting sgid (set group id) as I understand Jörg. Certainly you can set the device permissions -- but if for some reason the scsi chain changes the same device could suddenly by your harddrive which then is completely unprotected from direct access. cdrecord at least would check if it's indeed talking to a cdrom drive. > cheers anyway, ill just settle for my setup as it is... i certainly dont > want to hand out sceduling priority to normal users! and i am intent on > never installing anything suid or sqid Just out of curiosity: find / -perm +1000 on your system does produce not even *one* file? How do you run your xserver? SUID (or sgid) is not bad as such -- but one should indeed carefully think about what is allowed to become SUID root. K.-H. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]