Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 16 Aug 2004 06:11:28 +0200
From:      Oliver Fuchs <oliverfuchs@onlinehome.de>
To:        freebsd-questions@freebsd.org
Subject:   Re: cd and dvd burning program K3b and permissions for non-root users.
Message-ID:  <20040816041128.GA4289@oliverfuchs.ath.cx>
In-Reply-To: <5c33d22d.d22d5c33@prodigy.net.mx>
References:  <5c33d22d.d22d5c33@prodigy.net.mx>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, 14 Aug 2004, edwinculp wrote:

> I've installed K3b and it works great for the root user but I can't get it to work for any non-privileged user even though I have put the user in the wheel group and have set sysctl vfs.usermount=1, cd0 has permissions set to 666, the same in devfs.conf (That solves the problem for xmms but not for k3b.  I have tried to suid and kde won't let it start.  I'm out of ideas.  After this much time, I'm sure that I'm making a mountain out of a mole hill and I'm missing something very simple.
> 
> Any help would be appreciated.  I can't see my users using burncd


See /usr/ports/sysutils/k3b/pkg-message:

[...]
3. k3b has to be started from a root console, which is not recommended.
   Alternatively do the following:
3a. set the suid flag on cdrecord and cdrdao. The 'Notes' the chapter of
    'man cdrecord' discusses this.
3b. - install sudo (security/sudo) and add the following line or similar to
      sudoers (usually in /usr/local/etc/sudoers):
      ALL             ALL = NOPASSWD: /sbin/camcontrol devlist
    - or execute 'camcontrol devlist' For every user who should be able to use 
      k3b. Resolve all errors e.g by giving him/her access rights to /dev/xpt0.
      'camcontrol devlist' must run without error for all these users!
      Note that giving access rights to /dev/xpt* might be a security leak!
    - or give camcontrol the suid flag, which is a security leak as well.
3c. - For every user who should be able to use k3b and for every CD or DVD
      device add a directory in the users home directory. These directories
      must be owned by the corresponding user. For each such directory add a
      line in /ect/fstab (see remark 2), like:
        /dev/cd0c  /usr/home/XXX/cdrom  cd9660  ro,noauto,nodev,nosuid  0  0
      Furthermore allow user mounts as described in topic 9.22 of the FAQ:
      http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#USER-FLOPPYMOUNT
    - or just give mount and umount the sudo flag, which is a security leak.
3d. - Every user who should be able to use k3b must have read and write access
      to all pass through devices connected with CD and DVD drives. Run
      'camcontrol devlist' to identify those devices (seek string 'passX' at
      the end of each line and modify the rights of /dev/passX). Note, that
      this is a security leak as well but that there is no alternative!
[...]

Oliver
-- 
... don't touch the bang bang fruit

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040816041128.GA4289>