| View previous topic :: View next topic |
| Author |
Message |
hook
Veteran
Joined: 23 Oct 2002
Posts: 1398
Location: Ljubljana, Slovenia
|
 Posted: Sat Dec 14, 2002 11:09 am Post subject: |
 |
|
 ...it doesn't work for me
i tried to do it your way, the only thing i changed was that my cd-rom dev is /dev/hda (don't ask!) ...and it doesn't work
sg is up and running, kernel should have been ok, but if i run cdrecord --scanbus i get:
| Code: | Cdrecord 1.11a39 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling
cdrecord: No such file or directory. Cannot open '/dev/pg*'. Cannot open SCSI driver.
cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root.
cdrecord: For possible transport specifiers try 'cdrecord dev=help'.
|
...any ideas?
_________________
tea+free software+law=hook
(deep inside i'm still a tux's little helper) |
|
| Back to top |
|
 |
474
l33t
Joined: 19 Apr 2002
Posts: 714
|
| Posted: Mon Dec 16, 2002 12:17 pm Post subject: |
|
|
Using my technique, you must load the ide-scsi module, it will not be loaded for you unless you put it in /etc/modules.autoload. You can also insmod it after you've booted.
I've just tested the technique on a new fourth machine and it is still going strong. As I said, if you run into a dead end you can always do it the other way and add | Code: | | append="hda=ide-scsi" |
on your kernel boot line in Grub. And if that still doesn't work then try omitting IDE CD-ROM support. |
|
| Back to top |
|
|
Terrible
n00b
Joined: 18 Jul 2002
Posts: 22
Location: Ekaterinburg, Russia
|
| Posted: Fri Dec 20, 2002 1:15 pm Post subject: devfsd.conf and non-root cdrw permissions |
|
|
Hi kerframil,
I should say that this guide was of tremendous help for me. But I have to notice that I haven't edited /etc/devfsd.conf and /etc/group to allow non-roots to burn CD's, but, surprisingly, I can do it (logged in as a regular user)!
Do you think I should be worried on the security of my system said this happening? |
|
| Back to top |
|
|
474
l33t
Joined: 19 Apr 2002
Posts: 714
|
| Posted: Fri Dec 20, 2002 9:48 pm Post subject: |
|
|
| Quote: | But I have to notice that I haven't edited /etc/devfsd.conf and /etc/group to allow non-roots to burn CD's, but, surprisingly, I can do it (logged in as a regular user)!
Do you think I should be worried on the security of my system said this happening? |
Terrible, perhaps you followed my recommendation to suid the cdrecord binary? If so, then I believe you have nothing to worry about. If the suid bit is set on the cdrecord binary then as soon as any user invokes cdrecord, cdrecord will run with root priveleges (because root is the owner of that particular file) and have full access to the SCSI bus. Consequently any user should be able to record whether devfs has been modified or not.
Try running cdrecord -scanbus as a non-root user. If no CD-R device is detected then everything is normal. Modifying devfs changes the permissions on the SCSI bus. Having write permissions on the SCSI bus can enable users to send arbitrary data out to a device and cause corruption and damage, so that's why devfs doesn't allow it by default. But this restriction doesn't apply to a process running as root because root has full access permissions to every device under /dev.
If you only want to record CDs as root, then do not suid the cdrecord binary, and leave devfs as you have. That will give you the best security i.e. non-root users simply will not be able to record CDs. This command will strip the suid bit from the binary: | Code: | | chmod -x /usr/bin/cdrecord |
|
|
| Back to top |
|
|
hook
Veteran
Joined: 23 Oct 2002
Posts: 1398
Location: Ljubljana, Slovenia
|
| Posted: Fri Dec 20, 2002 10:27 pm Post subject: |
|
|
it works for me now ...there was a forum i found (can't remember which one) that sloved my problem ...i only had to run ide-cdrom as module and scsi support as a built in 
_________________
tea+free software+law=hook
(deep inside i'm still a tux's little helper) |
|
| Back to top |
|
|
474
l33t
Joined: 19 Apr 2002
Posts: 714
|
| Posted: Fri Dec 20, 2002 10:42 pm Post subject: |
|
|
| Quote: | | i only had to run ide-cdrom as module and scsi support as a built in |
Yes, you must run ide-cdrom support as a module or not at all. Surprised you had to do SCSI support as a built-in, but glad you got it working anyway  |
|
| Back to top |
|
|
st. anger
Apprentice
Joined: 30 Oct 2002
Posts: 273
|
| Posted: Sat Dec 21, 2002 8:32 am Post subject: |
|
|
ok, not sure if i have everything right, here is my /etc/devfsd.conf:(the part that matters)
| Code: |
# Autoload the sg module if generic scsi driver compiled as module.
LOOKUP ^sg$ MODLOAD ACTION sg
# Give the cdrw group write permissions to /dev/sg0
# This is done to have non root user use the burner (scan the scsi bus)
REGISTER ^scsi/host.*/bus.*/target.*/lun.*/generic PERMISSIONS root.cdrw 660
# General note for the following auto creation of symlinks:
#
# If you change the device that the symlink points to,
# you should also remove the symlink before restarting
# devfsd
# Create /dev/cdrom for the first cdrom drive
LOOKUP ^cdrom$ CFUNCTION GLOBAL mksymlink cdroms/cdrom0 cdrom
REGISTER ^cdrom/cdrom0$ CFUNCTION GLOBAL mksymlink $devname cdrom
UNREGISTER ^cdrom/cdrom0$ CFUNCTION GLOBAL unlink cdrom
# Create /dev/dvd for the second cdrom drive
# (change 'cdroms/cdrom1' to suite your setup)
# NOTE: We add the fully qualified path here, else some apps
# have problems to resolve the true device (drip comes to mind)
#LOOKUP ^dvd$ CFUNCTION GLOBAL mksymlink ${mntpnt}/cdroms/cdrom1 dvd
#REGISTER ^cdrom/cdrom1$ CFUNCTION GLOBAL mksymlink ${devpath} dvd
#UNREGISTER ^cdrom/cdrom1$ CFUNCTION GLOBAL unlink dvd
# Create /dev/cdrw for the first cdrom on the scsi bus
# (change 'sr0' to suite your setup)
LOOKUP ^cdrw$ CFUNCTION GLOBAL mksymlink sr0 cdrw
REGISTER ^sr0$ CFUNCTION GLOBAL mksymlink $devname cdrw
UNREGISTER ^sr0$ CFUNCTION GLOBAL unlink cdrw
|
i can run cdrecord -scanbus as a normal user and get desired output, but I cannot play audio cds as a normal user
when i do an "ls -al /dev/sr0" it shows ownership as root:root. shouldnt it be root:cdrw? same goes for /dev/cdrom, cdrw, etc.. weird thing though: when i do:
"ls -al /dev/scsi/host0/bus0/target1/lun0/cd"
it shows ownershp as xamn:cdrom (xamn is my username)
i have been fighting this for a while now, resorting to use root to play my cds |
|
| Back to top |
|
|
Vancouverite
Apprentice
Joined: 28 Sep 2002
Posts: 162
Location: Vancouver, Canada
|
| Posted: Sun Dec 22, 2002 3:11 am Post subject: |
|
|
| Thanks for the great post kerframil. I set this up a few days ago and followed your instructions exactly. Everything works great for me... I've tested it thouroughly on my desktop pc (Athlon 1.4GHz, MSI-K7T-Turbo, 8x4x32 LG CDR and LG 16x DVDROM on the same IDE channel, lolo-sources). Supermount finally works good with my dvdrom using fluxbox/endeavour2 (supermount has been problematic for me with gnome2/nautilus at the best of times). I have no problems burning cd's and using my dvdrom to either watch movies or transfer files at the same time. Also no problems doing this when I max out everyting else (cpu, disk transfers and downloads)... xmms doesn't even skip a note. The only kernel parameters I am using that are in any way related are ide0/1=autotune, I also enable interrupt unmasking on hda,b,c,d. I had one weirdo problem at first. My cdr mounted on my dvdrom mount point (/dvdrom) and dvdrom mounted on my cdr mount point (/cdrw). I don't know why this happened.. fstab was fine. I modified fstab to mount cdr to /dvdrom and dvdrom to /cdrw and this fixed it. If anyone knows why my mount points got reversed... please tell me. |
|
| Back to top |
|
|
474
l33t
Joined: 19 Apr 2002
Posts: 714
|
| Posted: Thu Dec 26, 2002 5:54 am Post subject: |
|
|
| xamn wrote: | when i do an "ls -al /dev/sr0" it shows ownership as root:root. shouldnt it be root:cdrw? same goes for /dev/cdrom, cdrw, etc.. weird thing though: when i do:
"ls -al /dev/scsi/host0/bus0/target1/lun0/cd"
it shows ownershp as xamn:cdrom (xamn is my username) |
No I don't think so. Top-level /dev entries are only symlinks (for backward compatibility in devfs) and having root:root permissions is fine AFAIK. It's the devices that they point to where it counts. So the permissions "xamn:cdrom" are also fine, because devfs grants permissions to you (in context) and to the cdrom group which is right, isn't it? This behaviour can be changed in devfsd.conf.
Having said that, I can't suss out why you shouldn't be able to play audio CDs. Let's assume the permissions could be a problem, in which case have you tried pointing your CD player tool directly to the real device node? |
|
| Back to top |
|
|
474
l33t
Joined: 19 Apr 2002
Posts: 714
|
| Posted: Thu Dec 26, 2002 6:00 am Post subject: |
|
|
| Vancouverite wrote: | | Thanks for the great post kerframil. I set this up a few days ago and followed your instructions exactly. Everything works great for me... |
You're welcome and great, respectively
| Vancouverite wrote: | | My cdr mounted on my dvdrom mount point (/dvdrom) and dvdrom mounted on my cdr mount point (/cdrw). I don't know why this happened.. fstab was fine. I modified fstab to mount cdr to /dvdrom and dvdrom to /cdrw and this fixed it. If anyone knows why my mount points got reversed... please tell me. |
Perhaps devfs isn't too intelligent about determing whether a device is a CD or DVD. In fact, maybe it has no way to distinguish the difference. Have a look at devfsd.conf (the relevant section of which xamn has conveniently posted above, and look at the REGISTER lines and the "Change foo to suit your setup" comments. Maybe they need tweaking for your setup. |
|
| Back to top |
|
|
Terrible
n00b
Joined: 18 Jul 2002
Posts: 22
Location: Ekaterinburg, Russia
|
| Posted: Thu Dec 26, 2002 8:14 am Post subject: |
|
|
kerframil,
| kerframil wrote: |
Try running cdrecord -scanbus as a non-root user. If no CD-R device is detected then everything is normal.
|
I did so and noticed that a non-root member of the wheel group can successfully run it as opposed to other non-root users. |
|
| Back to top |
|
|
474
l33t
Joined: 19 Apr 2002
Posts: 714
|
| Posted: Thu Dec 26, 2002 8:28 am Post subject: |
|
|
| Quote: | | I did so and noticed that a non-root member of the wheel group can successfully run it as opposed to other non-root users. |
That's most intriguing. That seems as though its in keeping with the nature of the wheel group, but I'm not sure what the mechanics behind the permissiveness granted to members of the wheel group in this case. I know that members of the wheel group are able to elevate to root priveleges, so maybe some programs are designed to allow that by implication (or to perform certain tasks that would only be allowed by root) at the program author's discretion (Portage is one such program in terms of it's searching and pretend options). Just a theory, anyway. But one thing's for sure, an untrusted user should never be in the wheel group. |
|
| Back to top |
|
|
Terrible
n00b
Joined: 18 Jul 2002
Posts: 22
Location: Ekaterinburg, Russia
|
| Posted: Thu Dec 26, 2002 9:32 am Post subject: |
|
|
| kerframil wrote: |
But one thing's for sure, an untrusted user should never be in the wheel group.
|
Yeah |
|
| Back to top |
|
|
gzaector
Tux's lil' helper
Joined: 24 Nov 2002
Posts: 132
Location: 304
|
| Posted: Sun Dec 29, 2002 5:12 am Post subject: |
|
|
| Code: | # Create /dev/cdrom for the first cdrom drive
LOOKUP ^cdrom$ CFUNCTION GLOBAL mksymlink cdroms/cdrom0 cdrom
REGISTER ^cdrom/cdrom0$ CFUNCTION GLOBAL mksymlink $devname cdrom
UNREGISTER ^cdrom/cdrom0$ CFUNCTION GLOBAL unlink cdrom
# Create /dev/dvd for the second cdrom drive
# (change 'cdroms/cdrom1' to suite your setup)
# NOTE: We add the fully qualified path here, else some apps
# have problems to resolve the true device (drip comes to mind)
#LOOKUP ^dvd$ CFUNCTION GLOBAL mksymlink ${mntpnt}/cdroms/cdrom1 dvd
#REGISTER ^cdrom/cdrom1$ CFUNCTION GLOBAL mksymlink ${devpath} dvd
#UNREGISTER ^cdrom/cdrom1$ CFUNCTION GLOBAL unlink dvd
# Create /dev/cdrw for the first cdrom on the scsi bus
# (change 'sr0' to suite your setup)
LOOKUP ^cdrw$ CFUNCTION GLOBAL mksymlink sr0 cdrw
REGISTER ^sr0$ CFUNCTION GLOBAL mksymlink $devname cdrw
UNREGISTER ^sr0$ CFUNCTION GLOBAL unlink cdrw |
coud i comment all of them out, since i dont use /dev/cdrom etc etc, i use /dev/hdc and what not |
|
| Back to top |
|
|
474
l33t
Joined: 19 Apr 2002
Posts: 714
|
| Posted: Mon Dec 30, 2002 10:40 am Post subject: |
|
|
| Bump. Important announcement: good news, cdrtools-2.0 is out - see original post on this thread. |
|
| Back to top |
|
|
MrIch
Apprentice
Joined: 25 May 2002
Posts: 204
|
| Posted: Thu Jan 02, 2003 1:54 pm Post subject: |
|
|
| How to setup k3b with an ide cd burner? I do not want to activate ide-scsi since I use cdrtools 2.0 |
|
| Back to top |
|
|
474
l33t
Joined: 19 Apr 2002
Posts: 714
|
| Posted: Thu Jan 02, 2003 1:57 pm Post subject: |
|
|
| I don't yet have k3b installed on my system so I can't precisely answer that now. But perhaps I could assist if you relate some of the configuration options to me in more detail? |
|
| Back to top |
|
|
ZammyBOI
n00b
Joined: 11 Dec 2002
Posts: 5
Location: Västerås, Sweden
|
| Posted: Fri Jan 03, 2003 12:58 am Post subject: |
|
|
Good evening everybody!
A couple of minutes ago I downloaded cdrtools 2.0 with the intention of making it work _without_ ide-scsi emulation. I haven't tried burning yet but thought that I could post what I've done this far.
| Code: | bash-2.05a# cdrecord -scanbus
Cdrecord 2.0 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling
cdrecord: No such file or directory. Cannot open '/dev/pg*'. Cannot open SCSI driver.
cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root.
cdrecord: For possible transport specifiers try 'cdrecord dev=help'.
|
So I read the output of 'cdrecord dev=help' and tried some other commands, among them this:
| Code: | bash-2.05a# cdrecord -scanbus -dev=ATAPI:0,0,0
Cdrecord 2.0 (i686-pc-linux-gnu) Copyright (C) 1995-2002 Jörg Schilling
scsidev: 'ATAPI:0,0,0'
devname: 'ATAPI'
scsibus: 0 target: 0 lun: 0
Warning: Using ATA Packet interface.
Warning: The related libscg interface code is in pre alpha.
Warning: There may be fatal problems.
Using libscg version 'schily-0.7'
scsibus0:
0,0,0 0) 'LITE-ON ' 'LTR-40125S ' 'ZS0K' Removable CD-ROM
0,1,0 1) 'SAMSUNG ' 'CD-ROM SCR-3230 ' 'S102' Removable CD-ROM
0,2,0 2) *
0,3,0 3) *
0,4,0 4) *
0,5,0 5) *
0,6,0 6) *
0,7,0 7) *
|
Looks quite nice. I hope it will work when doing some laser exercises tomorrow.
*UPDATE* "cdrecord -scanbus -dev=ATAPI" is also working nicely. Don't forget to use CAPITAL letters. /*UPDATE* |
|
| Back to top |
|
|
pilla
Bodhisattva
Joined: 07 Aug 2002
Posts: 7730
Location: Underworld
|
| Posted: Fri Jan 03, 2003 1:17 am Post subject: |
|
|
Now that I've got used to all this scsi emulation.... 
| MrIch wrote: | | How to setup k3b with an ide cd burner? I do not want to activate ide-scsi since I use cdrtools 2.0 |
_________________
"I'm just very selective about the reality I choose to accept." -- Calvin |
|
| Back to top |
|
|
ZammyBOI
n00b
Joined: 11 Dec 2002
Posts: 5
Location: Västerås, Sweden
|
| Posted: Fri Jan 03, 2003 2:52 am Post subject: |
|
|
| Bloody Bastard wrote: | | Now that I've got used to all this scsi emulation.... |
Well, direct ATAPI is considered _extremely_ beta. |
|
| Back to top |
|
|
ZammyBOI
n00b
Joined: 11 Dec 2002
Posts: 5
Location: Västerås, Sweden
|
| Posted: Sat Jan 04, 2003 4:36 pm Post subject: |
|
|
| ZammyBOI wrote: | | Looks quite nice. I hope it will work when doing some laser exercises tomorrow. |
The laser exercises was a success and I'm happy to be free of all ide-scsi emulation, forever I hope. |
|
| Back to top |
|
|
markusg
n00b
Joined: 29 Dec 2002
Posts: 16
|
| Posted: Sat Jan 04, 2003 9:14 pm Post subject: |
|
|
| Is there a way to test the ATAPI interface with xcdroast, etc? How did you do the testing? |
|
| Back to top |
|
|
zen_guerrilla
Guru
Joined: 18 Apr 2002
Posts: 343
Location: Greece
|
| Posted: Sun Jan 05, 2003 1:13 am Post subject: |
|
|
Latest xcdroast (not in portage currently) supports ATAPI with cdrtools-2.0. However I read on its home page faq that using atapi, dma doesn't get enabled, which practically means that u won't be able to write a cd-r on speed s >= 16x.
So till atapi cd-rw support on linux becomes stable I' d suggest to stay on ide-scsi
.:: zen ::. |
|
| Back to top |
|
|
jukka
Apprentice
Joined: 06 Jun 2002
Posts: 249
Location: Zurich, Switzerland
|
| Posted: Sun Jan 05, 2003 4:17 am Post subject: |
|
|
| zen_guerrilla wrote: | | So till atapi cd-rw support on linux becomes stable I' d suggest to stay on ide-scsi |
yes, or use another os for burning. atapi support with openbsd is great! |
|
| Back to top |
|
|
zen_guerrilla
Guru
Joined: 18 Apr 2002
Posts: 343
Location: Greece
|
| Posted: Sun Jan 05, 2003 12:22 pm Post subject: |
|
|
| jukka wrote: | | zen_guerrilla wrote: | | So till atapi cd-rw support on linux becomes stable I' d suggest to stay on ide-scsi |
yes, or use another os for burning. atapi support with openbsd is great! |
I definitely don't want to start a linux vs. bsd flamewar, since I don't know that much about *bsd's, but at least windoze also use an "ide-scsi emulation" method for writing cd-r's IMHO. However ide-scsi works great so far so I guess it's ok
.:: zen ::. |
|
| Back to top |
|
|
|
Documentation, Tips & Tricks
