permissions denied when using k3b
I'm curious as to if anyone has found a reasonable solution to problems with the various gui interfaces running as a non-root user when cdrecord is the chosen tool? I've tried setting permissions on the device, setuid bit and sudo, to no avail. cdrecord always exists because of permissions. -- Until later, Geoffrey Registered Linux User #108567 Building secure systems inspite of Microsoft -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
permissions denied when using k3b
I'm curious as to if anyone has found a reasonable solution to problems with the various gui interfaces running as a non-root user when cdrecord is the chosen tool? I've tried setting permissions on the device, setuid bit and sudo, to no avail. cdrecord always exists because of permissions. -- Until later, Geoffrey Registered Linux User #108567 Building secure systems inspite of Microsoft
Re: permissions denied when using k3b
> I'm curious as to if anyone has found a reasonable solution to problems > with the various gui interfaces running as a non-root user when cdrecord > is the chosen tool? > > I've tried setting permissions on the device, setuid bit and sudo, to no > avail. cdrecord always exists because of permissions. Not by a GUI but by shell scripts, i frequently use cdrecord as non-root. Setuid bit does work for me (Linux kernels 2.0 to 2.4, cdrecord 1.6 to 2.01). The superuser once applied : cdrecord_address=...insert.address.here... chown root $cdrecord_address chmod a+x,go-w,u+s $cdrecord_address Ownership and permissions now look like : -rwsr-xr-x1 root root What can have gone wrong ? - the GUI program got its own ideas what cdrecord to use ? ( try cdrecord standalone ) - your attempts to set owner and permissions did not take effect ? ( ls -l ) - you treated the wrong file ? ( find / -name cdrecord -print 2>/dev/null ) - your system refuses to perform setuid ? ( try out with own code ) - ( room for more ideas ) Disclaimer : Skilled local users might try to exploit the security problems of setuid. sudo would be better but -to my knowledge- demands some kind of skilled sysadmin during setup. Also the application would have to call sudo rather than cdrecord. Preferable if achievable. Have a nice day :) Thomas -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: permissions denied when using k3b
>From: Geoffrey <[EMAIL PROTECTED]> >I'm curious as to if anyone has found a reasonable solution to problems >with the various gui interfaces running as a non-root user when cdrecord >is the chosen tool? >I've tried setting permissions on the device, setuid bit and sudo, to no >avail. cdrecord always exists because of permissions. There is an official way to do this -> see man cdrecord If your GUI does not like this method, you are lost and it cannot work. Jörg -- EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED](uni) If you don't have iso-8859-1 [EMAIL PROTECTED](work) chars I am J"org Schilling URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: permissions denied when using k3b
Joerg Schilling wrote: From: Geoffrey <[EMAIL PROTECTED]> I'm curious as to if anyone has found a reasonable solution to problems with the various gui interfaces running as a non-root user when cdrecord is the chosen tool? I've tried setting permissions on the device, setuid bit and sudo, to no avail. cdrecord always exists because of permissions. There is an official way to do this -> see man cdrecord I tried this and it did not work. What does work is using sudo with the proper configuration (NOPASSWD for select users). -- Until later, Geoffrey Registered Linux User #108567 Building secure systems in spite of Microsoft -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: permissions denied when using k3b
Geoffrey wrote: I'm curious as to if anyone has found a reasonable solution to problems with the various gui interfaces running as a non-root user when cdrecord is the chosen tool? I've tried setting permissions on the device, setuid bit and sudo, to no avail. cdrecord always exists because of permissions. A common approach is to make cdrecord setuid root, in a special group (I use burners often), then add selected users to the burners group. Trying to fake the permissions on the device doesn't address other issues like being able to lock memory and use realtime scheduling. I confess, on an unloaded system those optimizations are usually not needed, although on a loaded system they certainly are! -- bill davidsen <[EMAIL PROTECTED]> CTO TMR Associates, Inc Doing interesting things with small computers since 1979 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: permissions denied when using k3b
Bill Davidsen wrote: Geoffrey wrote: I'm curious as to if anyone has found a reasonable solution to problems with the various gui interfaces running as a non-root user when cdrecord is the chosen tool? I've tried setting permissions on the device, setuid bit and sudo, to no avail. cdrecord always exists because of permissions. A common approach is to make cdrecord setuid root, in a special group (I use burners often), then add selected users to the burners group. Trying to fake the permissions on the device doesn't address other issues like being able to lock memory and use realtime scheduling. I confess, on an unloaded system those optimizations are usually not needed, although on a loaded system they certainly are! I think I already posted my solution, but now I'm not sure, anyway, I found that judicial use of sudo resolved my problems. Thanks for the follow up though -- Until later, Geoffrey Registered Linux User #108567 Building secure systems in spite of Microsoft -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: permissions denied when using k3b
> I'm curious as to if anyone has found a reasonable solution to problems > with the various gui interfaces running as a non-root user when cdrecord > is the chosen tool? > > I've tried setting permissions on the device, setuid bit and sudo, to no > avail. cdrecord always exists because of permissions. Not by a GUI but by shell scripts, i frequently use cdrecord as non-root. Setuid bit does work for me (Linux kernels 2.0 to 2.4, cdrecord 1.6 to 2.01). The superuser once applied : cdrecord_address=...insert.address.here... chown root $cdrecord_address chmod a+x,go-w,u+s $cdrecord_address Ownership and permissions now look like : -rwsr-xr-x1 root root What can have gone wrong ? - the GUI program got its own ideas what cdrecord to use ? ( try cdrecord standalone ) - your attempts to set owner and permissions did not take effect ? ( ls -l ) - you treated the wrong file ? ( find / -name cdrecord -print 2>/dev/null ) - your system refuses to perform setuid ? ( try out with own code ) - ( room for more ideas ) Disclaimer : Skilled local users might try to exploit the security problems of setuid. sudo would be better but -to my knowledge- demands some kind of skilled sysadmin during setup. Also the application would have to call sudo rather than cdrecord. Preferable if achievable. Have a nice day :) Thomas
Re: permissions denied when using k3b
>From: Geoffrey <[EMAIL PROTECTED]> >I'm curious as to if anyone has found a reasonable solution to problems >with the various gui interfaces running as a non-root user when cdrecord >is the chosen tool? >I've tried setting permissions on the device, setuid bit and sudo, to no >avail. cdrecord always exists because of permissions. There is an official way to do this -> see man cdrecord If your GUI does not like this method, you are lost and it cannot work. Jörg -- EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED](uni) If you don't have iso-8859-1 [EMAIL PROTECTED](work) chars I am J"org Schilling URL: http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
Re: permissions denied when using k3b
Joerg Schilling wrote: From: Geoffrey <[EMAIL PROTECTED]> I'm curious as to if anyone has found a reasonable solution to problems with the various gui interfaces running as a non-root user when cdrecord is the chosen tool? I've tried setting permissions on the device, setuid bit and sudo, to no avail. cdrecord always exists because of permissions. There is an official way to do this -> see man cdrecord I tried this and it did not work. What does work is using sudo with the proper configuration (NOPASSWD for select users). -- Until later, Geoffrey Registered Linux User #108567 Building secure systems in spite of Microsoft
Re: permissions denied when using k3b
Geoffrey wrote: I'm curious as to if anyone has found a reasonable solution to problems with the various gui interfaces running as a non-root user when cdrecord is the chosen tool? I've tried setting permissions on the device, setuid bit and sudo, to no avail. cdrecord always exists because of permissions. A common approach is to make cdrecord setuid root, in a special group (I use burners often), then add selected users to the burners group. Trying to fake the permissions on the device doesn't address other issues like being able to lock memory and use realtime scheduling. I confess, on an unloaded system those optimizations are usually not needed, although on a loaded system they certainly are! -- bill davidsen <[EMAIL PROTECTED]> CTO TMR Associates, Inc Doing interesting things with small computers since 1979
Re: permissions denied when using k3b
Bill Davidsen wrote: Geoffrey wrote: I'm curious as to if anyone has found a reasonable solution to problems with the various gui interfaces running as a non-root user when cdrecord is the chosen tool? I've tried setting permissions on the device, setuid bit and sudo, to no avail. cdrecord always exists because of permissions. A common approach is to make cdrecord setuid root, in a special group (I use burners often), then add selected users to the burners group. Trying to fake the permissions on the device doesn't address other issues like being able to lock memory and use realtime scheduling. I confess, on an unloaded system those optimizations are usually not needed, although on a loaded system they certainly are! I think I already posted my solution, but now I'm not sure, anyway, I found that judicial use of sudo resolved my problems. Thanks for the follow up though -- Until later, Geoffrey Registered Linux User #108567 Building secure systems in spite of Microsoft
