Date: Wed, 2 Feb 2005 05:25:26 +0100 From: Oliver Fuchs <oliverfuchs@onlinehome.de> To: freebsd-questions@freebsd.org Subject: Re: SUDO Message-ID: <20050202042526.GA2113@oliverfuchs.onlinehome.de> In-Reply-To: <20050201052341.GB5919@pc102356.concepts.nl> References: <20050201052341.GB5919@pc102356.concepts.nl>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 01 Feb 2005, Java Beans wrote: > What do i have to enter in /etc/sudoers in order to give > some user group the permission to start k3b with root > permissions? Hi, what about: ALL ALL = NOPASSWD: /sbin/camcontrol devlist ALL ALL = NOPASSWD: /usr/local/bin/k3b See also pkg-message file of k3b port: [...] 3. k3b has to be started from a root console, which is not recommended. Alternatively do ALL of the following: 3a. set the suid flag on cdrecord and cdrdao. The 'Notes' the chapter of 'man cdrecord' discusses this. 3b. - For every user who should be able to use k3b and for every CD or DVD device add a directory in the users home directory. These directories must be owned by the corresponding user. For each such directory add a line in /ect/fstab (see remark 2), like: /dev/cd0c /usr/home/XXX/cdrom cd9660 ro,noauto,nodev,nosuid 0 0 Furthermore allow user mounts as described in topic 9.22 of the FAQ: http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#USER-FLOPPYMOUNT Note: If you are using FreeBSD 5.x you might want to edit your /etc/devfs.conf. See http://sig9.com/archive/articles/HOWTO-mount-fs.html for details. - or just give mount and umount the suid flag, which is a security leak. 3c. - Every user who should be able to use k3b must have read and write access to all pass through devices connected with CD and DVD drives and to the /dev/xpt0 device. Run 'camcontrol devlist' to identify those devices (seek string 'passX' at the end of each line and modify the rights of /dev/passX). Note, that this is a security leak as well but that there is no alternative! [...] Oliver -- ... don't touch the bang bang fruit
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050202042526.GA2113>