On Mon, Dec 09, 2002 at 07:22:50AM -1000, W. Wayne Liauh wrote: > Most distros, RH included, now offer a number of "security" > options during installation. Only a moron OS (i.e., Linux) > would require root privilege to copy a CD by default at > "standard" security. :-)
With SUID, the application runs as root anyway. You merely avoid the process of having to su or sudo. I look at cd writing utilities in similar light to dd and mkfs. > When you run xcdroast for the first time as a non-root, it will > prompt you to log in as root, to change its configuration in > order to allow non-noot users. But for some reason, the Red > Hat version of xcdroast rpm only turns on the setuid bit for > cdda2wav, but not cdparanoia. This is where the problem arose. That ultimately should be up to the application, especially if the package manager does not. I do not think most package managers are smart enough to know if a package should be installed in a high/med/low security situation. I have seen the prompt during OS installation, but that does usually affect how future packages are installed. I will probably install Mandrake and Red Hat on a test box to see how much things have changed now. > Point to be taken: Don't just give someone a Linux CD and > expect him/her to fall in love with it. It is important to > accumulate experience. You will be surprised how much just a > small modification (from the stock distro) can to do improve > its image. But which image? It took a long time for distributions to ship inetd _without_ 10+ services running out of it by default. Red Hat was brave enough to offer xinetd early on to better control what services are running. I think that it is wonderful that some distributions are shipping software to configure firewall rules during installation. I suppose what I really want is role-based access controls to become widespread. Then certain users can be given privileges to run software that can write to the raw device. Standard unix group permissions are probably not verstile enough to do that well. I acknowledge that my views do not make Linux more friendly to the newbie. Windows gives you the power to write CDs without being administrator. It also lets you format your hard drive by loading an URL. -Vince