On 23 Feb 2002, Barry Mathieu wrote:
> Hello,
>
> I have been been successful at hooking-up a external SCSI CD-RW and
> using the following utilities as root:
>
> cdrecord
> cdrdao
> cdparanoia
>
> I would prefer user accessibility to these resources.
>
> In haste, I issued the following (according to CD-Writing HOWTO):
>
> chown 4111 /usr/bin/cdrecord
>
> Now, the sole user of this machine, me (barry), can use cdrecord without
> being root. This is a home machine, only typically used by me.
>
> I'm not sure what the '4111' accomplishes. As an example, I'm more
> accustomed to something like 'u+w', etc. I am aware there is an
> alternate scheme of chown options using numeric arguments.
>
> In my reading I've seemed to come across statements that '4111' is
> associated with running the process as root, and this opens some
> potential security gaps.
>
> I've now made a group, 'cdrw', and put myself in the group. From
> /etc/group:
>
> cdrw:x:102:barry
>
> I am user barry.
>
> The external SCSI CD-RW is attached to scd0, so I made that device
> file a member or group, 'cdrw'. eg.
>
> brw-rw---- 1 root cdrw 11, 0 Feb 2 23:16 /dev/scd0
>
> I believe the driver /dev/sg* is needed, so I also made those dev files
> a member of 'cdrw', eg.
>
> crw------- 1 root cdrw 21, 0 Feb 2 23:16 /dev/sg0
>
> I don't believe I need to change the group of the binaries cdparanoia
> and cdrdao.
>
> Unfortunately when I issue either cdrdao or cdparanoia commands, I don't
> have access to the SCSI device.
>
> I'm using Debian Potato.
Maybe I'm missing something, but there is already a group called cdrom,
and my impression is that is group is intended for writing operations to
cds.
faheem ~>ls -la /dev/scd0
brw-rw---- 1 root cdrom 11, 0 Apr 14 2001 /dev/scd0
You should also check out the thread "group video?" in group
linux.debian.devel (using Google advanced group search), which seems to
have some bearing on your question.
Sincerely, Faheem Mitha.
