On Monday 12 January 2004 01:35, Hendrik Sattler wrote: > > Here's what I think should happen on installation of k3b:
> > - If permissions and group of programs used by k3b > > (cdrecord, cdrdao, ...) are not suitable, ask if they should be > > changed to appropriate values (group cdrom, but which permissions > > exactly?). > > - If allowed, apply the changes using dpkg-statoverride. > > Don't do this to other program because either: > 1. They are a debian packages and a user friendly but secure setup > should be done by its maintainer. Then my suggestions don't apply to the k3b package, but to cdrecord and cdrdao. From a quick glance at the postinst files, I found that cdrecord already allows to setup the programs so that members of group cdrom can use them. cdrdao currently doesn't do this. > > - Display a list of users (whose home dirs are in /home) and allow > > to add them to group cdrom. This list should also be shown when > > upgrading and the list of users has changed. Notify that users > > added latter may have to be added to group cdrom manually. > > In Debian, this is _not_ done for the following groups: > dialout - to dial out with a modem > audio - to play audio files > video - to use DRI > ... > > Installing xmms will not fiddle with group "audio". > Why exactly should be done for group "cdrom"? At least users need to be informed about the required group membership. I don't yet see why they should not be given an option to change it there and then. > > I think(!) these are the required permissions and group > > > > root cdrom 4750 /usr/bin/cdrecord > > Are you sure that this script needs to be setuid root? It is not the > real binary. True, it doesn't have to be, but in its current incarnation k3b checks for this. Effectively, only the cdrecord.* binaries need to be suid root, but k3b doesn't know about them and thus can't check them. Should it just assume they're setup appropriately? Michael -- Michael Schuerig Life is just as deadly mailto:[EMAIL PROTECTED] as it looks. http://www.schuerig.de/michael/ --Richard Thompson, "Sibella"
