> working. I can now use the KFloppy icon as it was intended and I
> haven't compromised the security of my system. So as workarounds
> go it's not a bad one.
Yes, it's an ok workaround. Alternatives are making the kfloppy and
related tools setgid floppy or setuid root. The latter shouldn't be
needed, and is a security risk because it makes the app run as
if it were the root user Setgid floppy isn't a very good choice
either, considering that it allows non-members of the group direct
access to the hardware.
.
> The only other way to make KFloppy useful would be to make it pop
> up a dialogue box asking for the root password, like DrakConf.
That seems sensible. It helps too, as people shouldn't be running
their desktops as root, and it's way too inconvenient to logout of
a desktop and into another one just to run some application as the
root user. Alternatively, you can run a 'xterm su - root' and launch
kfloppy or what have you from there. That's usually the approach I
take, but makes the icon not of much value.
As an aside, I like having xauth there, but dislike having to xhost +
stuff to get access to an app on the desktop running as root, and to
xhost - thereafter. I haven't noticed the need to do this nearly as
much in Mandrake as in other Linux distributions I've recently used.
> I too resent the DOSification of UNIX which is why I'm pleased
> with my workaround. The part I was missing was the need to log
Agreed. Stuff like autologin without password features in the later
Mandrakes really miss the point.
> out and back in again for it to take effect. I've added myself
> though and it doesn't access hardware. The ownership
> (root.cdwriter) and permissions (-rwxr-s---) puzzle me. Why is
Mkisofs does access hardware, sort of. I would imagine you need it
as part of cdrecord, to write the iso image to the CD prior to
burning. Otherwise you're running it against something that looks
like a partition, such as the loopback device. Permissions for accessing
that should mirror the ones for physical hardware since it is accessing
hardware at that level.
The setgid bit is set so that the cdrecord and related tools can access
the cdrw device with full read/write permission. It works similarly to
the floppy device - at least from a permissions standpoint.
> John Morley ([EMAIL PROTECTED])
------------------------------------------------------------------------
David E. Fox Thanks for letting me
[EMAIL PROTECTED] change magnetic patterns
[EMAIL PROTECTED] on your hard disk.
-----------------------------------------------------------------------
