-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Am Mittwoch, 13. November 2002 14:39 schrieb Michael Schuerig: > You, as a user wanting to burn CDs, don't need any root privileges. The > kernel is just fine. As is cdrecord. Your distribution (debian) or your > administrator (that may be yourself) has to configure things properly > and everything works just fine with ordinary user privileges. This may > mean, that some programs have to run setuid root. That's not radically > different from what's happening with other packages.
Yes, an "addgroup <user> cdrom" is enough to make it work. But you do not really want that to users,you cannot trust ultimately, because suid-root in this case allows it to specify anything as dev= in cdrecord command line: overwriting any scsi device is nice for harmful things... The thing for cdrecord is, that it cannot use /dev/<something> but needs really raw access to the device (I hope this to come in kernel 2.6) because the sg* devices do not allow this. THATs the reason why it has to be setuid-root and it is really a kernel thing to change that. Using ATAPI-CDRWs is already possible (special kernel versions and a cdrecord patch is needed IIRC). On-top-of-cdrecord programs like XCD-Roast then approach the whole thing wrong: there is no need for them to be setuid-root when the cdrecord binary already is. But as this is not always the case (see above why maybe not), again they have to have root rights to call cdrecord. After all, the situation is there due to a lack of kernel abilities. HS - -- Mein GPG-Key ist auf meiner Homepage verfügbar: http://www.hendrik-sattler.de oder über pgp.net PingoS - Linux-User helfen Schulen: http://www.pingos.schulnetz.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE90oMZzvr6q9zCwcERAl9GAKCbWo6eVM2qkuIVNeqlbPP/ofMhkQCfbL1c uY0UYdpIin2zoK9pTqXCrxo= =EhQJ -----END PGP SIGNATURE-----