Gcmbust as non-root

Net Llama! netllama
Mon May 17 11:31:33 PDT 2004 

On Wed, 22 May 2002, Tim Wunder wrote:
> On 5/22/2002 9:45 AM, someone claiming to be Net Llama! wrote:
> > On Wed, 22 May 2002, Tim Wunder wrote:
> >
> >>On 5/22/2002 9:13 AM, someone claiming to be Roger Oberholtzer wrote:
> >>
> >>>Since xcdroast works, I would imagine that cdrecord itself has proper
> >>>permissions. Still, I have to ask...
> >>>
> >>>Mine are:
> >>>
> >>>  -r-sr-sr-x  1 root  root 185948 Dec 13 13:55 /usr/bin/cdrecord
> >>>
> >>
> >>-rws--x---   1  root  xcdwrite  265232 Apr 29 22:50 /usr/local/bin/cdrecord
> >
> >
> > That's not the same as what Roger posted.  Not even close.  You can't
> > execute a file that you can't read.
> >
>
> Yes, it's not the same, I'll grant you that. He's got it readable/executable by everyone and I don't. Mine's readable and writeable by root, executable by group xcdwrite, with suid root.
>
> Changing it's perms to -rws------ renders it not executable by me as user. Having it readable by group seems to be not relevant.

Of course its relevant.  The perms that you set allow *only* the root user
to read /usr/local/bin/cdrecord, and no one else.  I'll say it once again,
you can't execute a file that you can't read.  Since your normal user(s)
is a member of the xcdwrite group, the perms for the group are key to
fixing this.  At the minimum you need:
----r-s--- 1 root  xcdwrite

> >>>I had to do a 'chmod +s' myself. I don't care what the packages claim.
> >>>It don't work for me without this.
> >>>
> >>
> >>I'm a member of the xcdrwite group, sufficient for executing cdrecord with the perm's it has.
> >
> >
> > Not when you can't read it.
> >
>
> Whatever... explain to me, then, why I can run 'cdrecord --scanbus' as an ordinary user and get the correct output with those permissions. The permissions I've listed are correct (I thought maybe I transcribed something wrong). I can run it, and it lists my 2 CD devices AND my ZIP drive. I didn't feel like typing out the output, or capturing it to a file, scp'ing it here and copying it to the e-mail message.

Ya got me.  Just humor me, and set the perms noted above.  Then you can do
your "neener neener neener" dance on my head  :)

>
> No, permissions on cdrecord are NOT the problem. It's device permissions somewhere.

Fine, then do members of your xcdwrite group have rwx access to the burner
device?

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Lonni J Friedman				netllama at linux-sxs.org
Linux Step-by-step & TyGeMo		     http://netllama.ipfox.com

More information about the Linux-users mailing list