| View previous topic :: View next topic |
| Author |
Message |
gir
n00b
Joined: 02 Sep 2002
Posts: 37
|
 Posted: Mon Oct 07, 2002 3:59 am Post subject: More devfs permissions |
 |
|
It seems like devfs permissions are a continual problem... unfortunately, I need to add to the number of posts on that topic. I've searched the forums, googled, read man pages and I still can't get my cdrom, cdrw or dvd permissions set the way I need them.
I have permissions directives in /etc/devfsd.conf that should be correct:
| Quote: |
# Give the cdrw group write permissions to /dev/sg0
# This is done to have non root user use the burner (scan the scsi bus)
REGISTER ^sg1$ PERMISSIONS root.cdrw 660
REGISTER ^sr1$ PERMISSIONS root.cdrw 660
# Create /dev/cdrw for the first cdrom on the scsi bus
# (change 'sr0' to suite your setup)
LOOKUP ^cdrw$ CFUNCTION GLOBAL mksymlink sr0 cdrw
REGISTER ^sr1$ CFUNCTION GLOBAL mksymlink $devname cdrw
UNREGISTER ^sr1$ CFUNCTION GLOBAL unlink cdrw
# Create /dev/cdrom for the first cdrom drive
LOOKUP ^cdrom$ CFUNCTION GLOBAL mksymlink cdroms/cdrom1 cdrom
REGISTER ^cdrom$ PERMISSIONS root.cdrom 660
REGISTER ^cdrom/cdrom1$ CFUNCTION GLOBAL mksymlink $devname cdrom
REGISTER ^cdrom/cdrom1$ PERMISSIONS root.cdrom 660
UNREGISTER ^cdrom/cdrom1$ CFUNCTION GLOBAL unlink cdrom
# Create /dev/dvd for the second cdrom drive
# (change 'cdroms/cdrom1' to suite your setup)
LOOKUP ^dvd$ CFUNCTION GLOBAL mksymlink cdroms/cdrom0 dvd
REGISTER ^dvd$ PERMISSIONS root.cdrom 660
REGISTER ^cdrom/cdrom0$ CFUNCTION GLOBAL mksymlink $devname dvd
REGISTER ^cdrom/cdrom0$ PERMISSIONS root.cdrom 660
UNREGISTER ^cdrom/cdrom0$ CFUNCTION GLOBAL unlink dvd
|
I have ide-scsi emulation compiled in my kernel:
| Quote: |
(From ATA Section of `make menuconfig`)
<*> SCSI emulation support
(From SCSI Section)
<*> SCSI support
--- SCSI support type (disk, tape, CD-ROM)
< > SCSI disk support
< > SCSI tape support
< > SCSI OnStream SC-x0 tape support
<*> SCSI CD-ROM support
[ ] Enable vendor-specific extensions (for SCSI CDROM)
(2) Maximum number of CDROM devices that can be loaded as modules
<*> SCSI generic support
--- Some SCSI devices (e.g. CD jukebox) support multiple LUNs
[ ] Enable extra checks in new queueing code
[ ] Probe all LUNs on each SCSI device
[ ] Verbose SCSI error reporting (kernel size +=12K)
[ ] SCSI logging facility
|
And, finally, I have the proper parameters added to /boot/grub/menu.lst:
| Quote: |
kernel /boot/bzImage root=/dev/hda3 vga=791 video=vesa:ywrap,mtrr hdc=ide-scsi hde=ide-scsi
|
I refuse to run any programs suid and I refuse to run any programs as su (at least I refuse to as long as it should be possible to run them as a normal user). Why can't I set the permissions on my cd/dvd drives when I was perfectly able to set the permissions on my sound devices (/dev/dsp et al)? I've remove symlinks (well, tried to... `sudo rm -rf /dev/dvd` seems to have no effect), played with devfsd.conf and HUP'd devfsd more times than I can count and I'm starting to get a little frustrated... burning cd's would be a nice feature to have under linux.
<rant>
Anyone who says that linux is ready for the desktop market just needs to play with permissions for a while... and, no, telling everyone to run everything as root is not a solution to permission problems! 
</rant> |
|
| Back to top |
|
 |
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Mon Oct 07, 2002 4:06 am Post subject: |
|
|
What does "ls" report for the permissions on the device files that are causing you problems?
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
gir
n00b
Joined: 02 Sep 2002
Posts: 37
|
| Posted: Mon Oct 07, 2002 4:23 am Post subject: |
|
|
Wow, talk about omitting a crucial piece of information... 
| Quote: |
[irken:~] nielser% ls -ld /dev/cdrom
lr-xr-xr-x 1 root root 13 Oct 6 21:43 /dev/cdrom -> cdroms/cdrom1
[irken:~] nielser% ls -ld /dev/dvd
lr-xr-xr-x 1 root root 13 Oct 6 21:43 /dev/dvd -> cdroms/cdrom0
[irken:~] nielser% ls -ld /dev/cdrw
lr-xr-xr-x 1 root root 3 Oct 6 21:43 /dev/cdrw -> sr1
[irken:~] nielser% ls -ld /dev/sr1
lr-xr-xr-x 1 root root 31 Oct 6 21:24 /dev/sr1 -> scsi/host0/bus0/target1/lun0/cd
[irken:~] nielser% ls -ld /dev/cdroms/cdrom*
lr-xr-xr-x 1 root root 34 Dec 31 1969 /dev/cdroms/cdrom0 -> ../scsi/host0/bus0/target0/lun0/cd
lr-xr-xr-x 1 root root 34 Dec 31 1969 /dev/cdroms/cdrom1 -> ../scsi/host0/bus0/target1/lun0/cd
[irken:~] nielser% ls -ld /dev/scsi/host0/bus0/target?/lun0/cd
brwxrwxrwx 1 root root 11, 0 Dec 31 1969 /dev/scsi/host0/bus0/target0/lun0/cd
brw-rw---- 1 root cdrw 11, 1 Dec 31 1969 /dev/scsi/host0/bus0/target1/lun0/cd
|
Now, I'm kinda glad you made me do that... this is the first time that I've noticed that /dev/scsi/host0/bus0/target1/lun0/cd has the correct permissions. Shouldn't permissions carry through on the symlink though? Maybe this is a useful time to clear up a possible misconception of symlink permissions: if a symlink has different permissions than it's target and a user is able to execute the link to follow it to the target, who's permissions win -- the link or the target's? |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Mon Oct 07, 2002 4:35 am Post subject: |
|
|
| gir wrote: | | who's permissions win -- the link or the target's? |
The target's - permissions on symlinks themselves are meaningless. How about /dev/sg0? What application are you running that is giving you permission errors? Can you try tracing its execution with strace to see what file is triggering the problem?
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
gir
n00b
Joined: 02 Sep 2002
Posts: 37
|
| Posted: Mon Oct 07, 2002 5:40 am Post subject: |
|
|
| Quote: |
[irken:~] nielser% ls -ld /dev/sg*
drwxr-xr-x 1 root root 0 Oct 6 21:24 /dev/sg/
lr-xr-xr-x 1 root root 36 Oct 6 21:24 /dev/sg0 -> scsi/host0/bus0/target0/lun0/generic
lr-xr-xr-x 1 root root 36 Oct 6 21:24 /dev/sg1 -> scsi/host0/bus0/target1/lun0/generic
|
k3b won't see my dvd drive as a possible reader and it only sees my cdrw as a reader, not a burner (though the setup program which runs seperately with root permissions can see both correctly). grip complains that it is unable to open the cdrom drive (but it can play). Since grip uses cdparanoia, here's cdparanoia -vfQ:
| Quote: |
[irken:~] nielser% cdparanoia -vsQ
cdparanoia III release 9.8 (March 23, 2001)
(C) 2001 Monty <monty@xiph.org> and Xiphophorus
Report bugs to paranoia@xiph.org
http://www.xiph.org/paranoia/
Checking /dev/cdrom for cdrom...
Testing /dev/cdrom for cooked ioctl() interface
/dev/scsi/host0/bus0/target1/lun0/cd is not a cooked ioctl CDROM.
Testing /dev/cdrom for SCSI interface
generic device: /dev/scsi/host0/bus0/target1/lun0/generic
ioctl device: /dev/scsi/host0/bus0/target1/lun0/cd
Found an accessible SCSI CDROM drive.
Looking at revision of the SG interface in use...
SG interface version 3.1.24; OK.
CDROM model sensed sensed: SONY CD-RW CRX140E 1.0n
Checking for SCSI emulation...
Drive is ATAPI (using SCSI host adaptor emulation)
Checking for MMC style command set...
Drive is MMC style
DMA scatter/gather table entries: 256
table entry size: 32768 bytes
maximum theoretical transfer: 3566 sectors
Setting default read size to 13 sectors (30576 bytes).
Verifying CDDA command set...
Expected command set reads OK.
|
So it seems that cdparanoia is fine (as expected... have read access on everything). Now, a cdrecord -scanbus:
| Quote: |
Cdrecord 1.11a30 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling
cdrecord: Permission denied. Cannot open '/dev/sg0'. Cannot open SCSI driver.
cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root.
|
And I'm trying to avoid running any of these programs as root.
Doing cdrecord stuff as root:
| Quote: |
[irken:~] nielser% sudo cdrecord -scanbus
Password:
Cdrecord 1.11a30 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling
Linux sg driver version: 3.1.24
Using libscg version 'schily-0.6'
scsibus0:
0,0,0 0) 'SONY ' 'DVD-ROM DDU1621 ' 'S1.6' Removable CD-ROM
0,1,0 1) 'SONY ' 'CD-RW CRX140E ' '1.0n' Removable CD-ROM
0,2,0 2) *
0,3,0 3) *
0,4,0 4) *
0,5,0 5) *
0,6,0 6) *
0,7,0 7) *
[irken:~] nielser% cdrecord dev=0,1,0 driveropts=help -checkdrive
Cdrecord 1.11a30 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling
scsidev: '0,1,0'
scsibus: 0 target: 1 lun: 0
cdrecord: Permission denied. Cannot open '/dev/sg0'. Cannot open SCSI driver.
cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root.
[irken:~] nielser% sudo !!
sudo cdrecord dev=0,1,0 driveropts=help -checkdrive
Cdrecord 1.11a30 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling
scsidev: '0,1,0'
scsibus: 0 target: 1 lun: 0
Linux sg driver version: 3.1.24
Using libscg version 'schily-0.6'
Device type : Removable CD-ROM
Version : 0
Response Format: 1
Vendor_info : 'SONY '
Identifikation : 'CD-RW CRX140E '
Revision : '1.0n'
Device seems to be: Generic mmc CD-RW.
Driver options:
None supported for this drive.
|
So I guess that my problems revolve around k3b and cdrecord (and cdrdao for that matter. `cdrdao` requires root privledges before it gives sensible output). |
|
| Back to top |
|
|
rac
Bodhisattva
Joined: 30 May 2002
Posts: 6553
Location: Japanifornia
|
| Posted: Mon Oct 07, 2002 5:45 am Post subject: |
|
|
They're probably trying to open /dev/sg0 with write access and failing. Any chance you could get the permissions on the target of that link (the "generic" files) to be 775 root.cdrw or some such? That might help things.
Actually, strike the "probably". I just tested it. That is what they're doing: | Code: | $ strace -eopen -f cdrecord -scanbus 2>&1 | grep sg0
open("/dev/sg0", O_RDWR) = 3 |
_________________
For every higher wall, there is a taller ladder |
|
| Back to top |
|
|
gir
n00b
Joined: 02 Sep 2002
Posts: 37
|
| Posted: Mon Oct 07, 2002 7:19 am Post subject: |
|
|
Yeah, it was sg1 (my cdrw's sg1) that was having the problems. As far as I can tell (copied a cd with cdrdao and tested the diagnostics of cdrecord) everything works now. Well, rac, thanks for the pointers holding my hand through the debugging -- I didn't even consider the possibility that the programs could be requesting the sg{0,1} interfaces and I found some really stupid mistakes in /etc/devfsd.conf.
Anyway, for forum completeness and to help future gentoo-ers, here's my working devfsd.conf:
| Quote: |
# Give the cdrw group write permissions to /dev/sg0
# This is done to have non root user use the burner (scan the scsi bus)
REGISTER ^sg0$ PERMISSIONS root.cdrom 660
REGISTER ^sr0$ PERMISSIONS root.cdrom 660
REGISTER ^sg1$ PERMISSIONS root.cdrw 660
REGISTER ^sr1$ PERMISSIONS root.cdrw 660
# Create /dev/cdrw for the first cdrom on the scsi bus
# (change 'sr0' to suite your setup)
LOOKUP ^cdrw$ CFUNCTION GLOBAL mksymlink sr0 cdrw
REGISTER ^sr1$ CFUNCTION GLOBAL mksymlink $devname cdrw
UNREGISTER ^sr1$ CFUNCTION GLOBAL unlink cdrw
# Create /dev/cdrom for the first cdrom drive
LOOKUP ^cdrom$ CFUNCTION GLOBAL mksymlink cdroms/cdrom1 cdrom
REGISTER ^cdrom$ PERMISSIONS root.cdrom 660
REGISTER ^cdrom/cdrom1$ CFUNCTION GLOBAL mksymlink $devname cdrom
REGISTER ^cdrom/cdrom1$ PERMISSIONS root.cdrom 660
UNREGISTER ^cdrom/cdrom1$ CFUNCTION GLOBAL unlink cdrom
# Create /dev/dvd for the second cdrom drive
# (change 'cdroms/cdrom1' to suite your setup)
LOOKUP ^dvd$ CFUNCTION GLOBAL mksymlink cdroms/cdrom0 dvd
REGISTER ^dvd$ PERMISSIONS root.cdrom 660
REGISTER ^cdrom/cdrom0$ CFUNCTION GLOBAL mksymlink $devname dvd
REGISTER ^cdrom/cdrom0$ PERMISSIONS root.cdrom 660
UNREGISTER ^cdrom/cdrom0$ CFUNCTION GLOBAL unlink dvd
|
Thanks again, rac. It always amazes me how responsive and accurate you are in these forums! |
|
| Back to top |
|
|
maw
Apprentice
Joined: 25 Aug 2002
Posts: 175
Location: Nottingham, UK
|
| Posted: Tue Oct 08, 2002 11:10 pm Post subject: |
|
|
Aaah excellent, thanks for pointing me this way rac. I've now got things working at least well enough to play audio CDs from that drive again as my normal user 
I'll try burning a CD tomorrow, I think that should work though... at least, the permissions look right now 
_________________
Your Gentoo woll sle me sodenly!
I may the beaute of it not sustene
(to misquote Chaucer) |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Multimedia
