View previous topic :: View next topic |
Author |
Message |
jkcunningham l33t
Joined: 28 Apr 2003 Posts: 649 Location: 47.49N 121.79W
|
Posted: Thu Oct 16, 2003 12:54 am Post subject: Is there a way to let a user burn cds w/o root privileges? |
|
|
I have a couple users that need to burn cd's but don't know how to let them do it without using cdrecord which requires root priviledges. I don't want them having root priviledges. Is there a way around this?
Thanks
-Jeff |
|
Back to top |
|
|
stonent Veteran
Joined: 07 Aug 2003 Posts: 1139 Location: Texas
|
Posted: Thu Oct 16, 2003 1:56 am Post subject: |
|
|
I don't know directly how it is done, however in Knoppix, you can burn CDs using K3B and not be root... _________________ Inspiron 4100 & Sun UltraAXe
Portage on Solaris|Dell Laptop Hacks
The way you feel about organized religion is the same way I feel about organized socialism. |
|
Back to top |
|
|
meowsqueak Veteran
Joined: 26 Aug 2003 Posts: 1549 Location: New Zealand
|
Posted: Thu Oct 16, 2003 2:01 am Post subject: |
|
|
Yes, you just need to set up permissions on the appropriate cdrom device (/dev/cdroms/cdromX usually links to /dev/scsi/host0/bus0/target0/lun0/cd or something similar). I would recommend making /dev/scsi/host0/bus0/target0/lun0/cd owned by group 'cdrom' or 'cdr' and making sure the file has group-rw permissions. You also need rw permissions on the scsi generic device file (/dev/scsi/host0/bus0/target0/lun0/generic) so you could give this the same group ownership.
E.g.
Code: | $ ls /dev/scsi/host0/bus0/target0/lun0
total 0
brw-rw---- 1 root cdrom 11, 0 Jan 1 1970 cd
crw-rw---- 1 root cdrom 21, 0 Jan 1 1970 generic |
Then just add your 'privileged' users to the cdrom group. |
|
Back to top |
|
|
semiSfear Guru
Joined: 08 Jul 2003 Posts: 302 Location: Adelaide, SA
|
Posted: Thu Oct 16, 2003 2:04 am Post subject: |
|
|
I use XCDRoast or cdrdao to burn CDR's. In XCDRoast the first thing you configure is which users have permission to burn... If i remember correctly. To be able to burn with cdrdao you don't need any further permissions. Specially if you have set write access to your burning device. _________________ DnB is my religion, Jungle is my church. |
|
Back to top |
|
|
jkcunningham l33t
Joined: 28 Apr 2003 Posts: 649 Location: 47.49N 121.79W
|
Posted: Thu Oct 16, 2003 2:31 am Post subject: |
|
|
Thanks! I'll try various things out and see what works.
You guys are great.
-Jeff |
|
Back to top |
|
|
meowsqueak Veteran
Joined: 26 Aug 2003 Posts: 1549 Location: New Zealand
|
Posted: Thu Oct 16, 2003 2:35 am Post subject: |
|
|
jkcunningham wrote: | You guys are great. |
Why yes, yes we are |
|
Back to top |
|
|
jkcunningham l33t
Joined: 28 Apr 2003 Posts: 649 Location: 47.49N 121.79W
|
Posted: Fri Dec 12, 2003 3:13 am Post subject: |
|
|
I finally got around to trying the modified permissions to make cdrecord work for a normal user (i.e. a normal user finally got around to bugging me). cdrecord does run now, but some part of it still wants the user to be su: here's the message it produces:
cdrecord: Operation not permitted. WARNING: Cannot set RR-scheduler
cdrecord: Permission denied. WARNING: Cannot set priority using setpriority().
cdrecord: WARNING: This causes a high risk for buffer underruns.
It seems to be working in any event. Any ideas what's going on here?
Regards,
-Jeff |
|
Back to top |
|
|
meowsqueak Veteran
Joined: 26 Aug 2003 Posts: 1549 Location: New Zealand
|
Posted: Fri Dec 12, 2003 4:50 am Post subject: |
|
|
The program 'cdrecord' is trying to make system calls that require it to be root. This can be caused by a root-only permissions on a device inode, or certain operations that are restricted to root anyway (like binding to privileged ports).
Note that you do NOT have to set cdrecord suid-root for cd burning to work. You should be able to get it working without doing that. However, you won't be able to set the priority of the process to anything higher than default unless you are root. This means you have a greater risk of buffer under-runs when burning (i.e. starving the process of data to write, forcing it to improvise. Certain burners handle this better than others. Worst case - CDR fails to read properly afterwards).
You could consider configuring 'sudo' for the user concerned (or group) to permit them to ONLY run '/usr/bin/cdrecord' with sudo. |
|
Back to top |
|
|
jkcunningham l33t
Joined: 28 Apr 2003 Posts: 649 Location: 47.49N 121.79W
|
Posted: Fri Dec 12, 2003 5:02 am Post subject: |
|
|
Sounds like a reasonable solution. I'll see how this goes first, and if there's problems with underflows, try your solution.
Thanks!
-Jeff |
|
Back to top |
|
|
|