View previous topic :: View next topic |
Author |
Message |
sven Apprentice
Joined: 19 Apr 2002 Posts: 274
|
Posted: Mon Apr 22, 2002 7:05 pm Post subject: Burning with different user than root |
|
|
Now that I got my cd recorder working as root I want to burn CDs with my normal user ... what groups should I put my user into to get this working? Also, what else should I pay attention to when trying to burn with a normal user?
Thanks for any help! |
|
Back to top |
|
|
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Mon Apr 22, 2002 7:23 pm Post subject: |
|
|
You should just be able to add the user account to whatever group that currently owns the CD burner. (or, create a new group if you want to segregate permissions between your CD-burner and CD-ROM)
Also, you need to make sure that the CD burner device has group read/write privilages.
--kurt _________________ The problem with political jokes is that they get elected |
|
Back to top |
|
|
sven Apprentice
Joined: 19 Apr 2002 Posts: 274
|
Posted: Mon Apr 22, 2002 7:30 pm Post subject: |
|
|
Well, I thought changing the group of the /dev/sg0 device (this is the CD recorder, isn't it? At least Koncd claims this) from root to something else is a bad idea... So should I change the group from root to cdrw for example and put my user into this group? |
|
Back to top |
|
|
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Mon Apr 22, 2002 7:41 pm Post subject: |
|
|
sven wrote: | Well, I thought changing the group of the /dev/sg0 device from root to something else is a bad idea |
I have never used a linux system where the root GROUP was the owner of a hard drive or CD-ROM. In Gentoo, the group owner, by default, is "disk". I believe it's a Bad Idea to change the user account ownership to something other than root, but not the group ownership.
So, you can either add your user account to "disk" and make sure "disk" has group read/write permissions on /dev/sg0, or you can create a new group (cdburn, for example) and chown root.cdburn /dev/sg0. (making sure that /dev/sg0 is still group read/writable)
--kurt _________________ The problem with political jokes is that they get elected |
|
Back to top |
|
|
sven Apprentice
Joined: 19 Apr 2002 Posts: 274
|
Posted: Mon Apr 22, 2002 7:51 pm Post subject: |
|
|
On my Gentoo 1.1a system the whole /dev folder is owned by root.root ... Maybe because of devfs? |
|
Back to top |
|
|
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Mon Apr 22, 2002 8:12 pm Post subject: |
|
|
sven wrote: | On my Gentoo 1.1a system the whole /dev folder is owned by root.root ... Maybe because of devfs? |
The /dev directory is owned by root.root, yes, but are the devices within that directory also owned by root.root? On my system, audio devices are owned by root.audio, disk devices by root.disk, tty by root.tty and so on. There are some devices owned by root.root, but the majority are owned by root.<some other group>
--kurt _________________ The problem with political jokes is that they get elected |
|
Back to top |
|
|
sven Apprentice
Joined: 19 Apr 2002 Posts: 274
|
Posted: Mon Apr 22, 2002 8:26 pm Post subject: |
|
|
all devices are owned by root.root! |
|
Back to top |
|
|
klieber Bodhisattva
Joined: 17 Apr 2002 Posts: 3657 Location: San Francisco, CA
|
Posted: Mon Apr 22, 2002 8:38 pm Post subject: |
|
|
sven wrote: | all devices are owned by root.root! |
Huh -- that's odd. I originally compiled my system sans devfs support and later compiled it in, so it's possible that my permissions are mucked up.
Anyone else out there care to comment on the ownership of their /dev devices?
--kurt _________________ The problem with political jokes is that they get elected |
|
Back to top |
|
|
kavel n00b
Joined: 21 Apr 2002 Posts: 20 Location: Hillsboro, OR
|
Posted: Mon Apr 22, 2002 8:47 pm Post subject: all devices root.root |
|
|
Hi,
I have installed my system with devfs support from scratch, and it has root.root ownership for all my devices. I was able to change this behaviour through /etc/devfsd.conf though. As an example, my sound devices are set up as:
...
LOOKUP snd MODLOAD ACTION snd
LOOKUP dsp MODLOAD
LOOKUP mixer MODLOAD
LOOKUP midi MODLOAD
REGISTER sound/.* PERMISSIONS root.audio 660
REGISTER snd/.* PERMISSIONS root.audio 660
...
This causes everything under /dev/sound (dsp, dsp1, etc) to be owned by root.audio and have group read/write permissions. I think you can do the same trick for your CD writer too (I haven't tried this though)...
...
REGISTER ^sg0$ PERMISSIONS root.cdrw 660
...
This is what I have learned by trial and error. I may be wrong
Kavel |
|
Back to top |
|
|
sven Apprentice
Joined: 19 Apr 2002 Posts: 274
|
Posted: Mon Apr 22, 2002 8:55 pm Post subject: |
|
|
Found this in /etc/devfsd.conf
# Create /dev/cdrw for the first cdrom on the scsi bus
# (change 'sr0' to suite your setup)
#LOOKUP ^cdrw$ CFUNCTION GLOBAL mksymlink sr0 cdrw
#REGISTER ^sr0$ CFUNCTION GLOBAL mksymlink $devname cdrw
#UNREGISTER ^sr0$ CFUNCTION GLOBAL unlink cdrw
and uncommented it. This seems to be exactly what I was looking for |
|
Back to top |
|
|
chemical n00b
Joined: 10 Apr 2002 Posts: 29 Location: San Diego, CA
|
Posted: Thu Aug 08, 2002 6:05 pm Post subject: |
|
|
doh, said somethign stupid...ignore this post |
|
Back to top |
|
|
AlterEgo Veteran
Joined: 25 Apr 2002 Posts: 1619
|
Posted: Thu Aug 08, 2002 7:17 pm Post subject: |
|
|
This helped me out and tought me a little lesson |
|
Back to top |
|
|
flaw3d n00b
Joined: 07 Aug 2002 Posts: 20
|
Posted: Fri Aug 09, 2002 1:12 am Post subject: |
|
|
Weren't you supposed to set cdrecord to run suid root? I can't remember exactly what I did but I remember something got a suid root. |
|
Back to top |
|
|
arkane l33t
Joined: 30 Apr 2002 Posts: 918 Location: Phoenix, AZ
|
Posted: Fri Aug 09, 2002 2:29 am Post subject: |
|
|
flaw3d wrote: | Weren't you supposed to set cdrecord to run suid root? I can't remember exactly what I did but I remember something got a suid root. |
nah... sgid cdrw maybe.. but probably not suid root...
Mine isn't suid or sgid, it's just
-rwxr-xr-x 1 root root 218368 May 6 00:09 /usr/bin/cdrecord
course you need to have access to the /dev/sr0 or whatever your writer is, so thats where cdrw comes in...
brw-rw---- 1 root cdrw 11, 0 Dec 31 1969 /dev/scsi/host0/bus0/target0/lun0/cd
(/dev/sr0 points to it as a symlink on my system)
Devfs takes care of all the permissions, via /etc/devfsd.conf for me. I had to edit it a bit to make my cdrecorder be a part of the group. |
|
Back to top |
|
|
pilla Bodhisattva
Joined: 07 Aug 2002 Posts: 7729 Location: Underworld
|
Posted: Fri Aug 09, 2002 8:06 pm Post subject: xcdroast |
|
|
The last xcdroast changes the attributes of some binaries it uses to burn cds, so other uses may also burn (CDs, not themselves). root must run it before anybody.
(just in case you don't want to bother about it, just burn some CDs) |
|
Back to top |
|
|
maw Apprentice
Joined: 25 Aug 2002 Posts: 175 Location: Nottingham, UK
|
Posted: Tue Oct 08, 2002 8:37 pm Post subject: |
|
|
The actual device node for my CD writer is owned, for some reason, by matthew.root - I have no idea why, but I assume I should change this...
And surely a symlink can't add permissions to those had by the object it points to... so I'll ideally need the actual node to be
rw-rw---- root.cdrw
yes?
Can someone post any modifications they made to their devfsd.conf, I'm not feeling brave enough to do mine tonight! _________________ Your Gentoo woll sle me sodenly!
I may the beaute of it not sustene
(to misquote Chaucer) |
|
Back to top |
|
|
rac Bodhisattva
Joined: 30 May 2002 Posts: 6553 Location: Japanifornia
|
|
Back to top |
|
|
Zu` l33t
Joined: 26 May 2002 Posts: 716 Location: BE
|
Posted: Tue Oct 08, 2002 9:51 pm Post subject: |
|
|
Hmm.
Perhaps not the most secure solution, but I always just did a "chmod 4711" on things like cdrecord, cdparanoia, cdrdao and mkisofs. I guess I could make a "cdr" group or something and do a chmod 4710 instead.. that would be a bit better I guess.
Then again, after reading this thread, I guess the proper way would be to change permissions in devfsd.conf? |
|
Back to top |
|
|
|