2007/3/8, Lucas C. Villa Real <[EMAIL PROTECTED]>:
> On 3/8/07, Jonatan Liljedahl <[EMAIL PROTECTED]> wrote:
> > Lucas C. Villa Real wrote:
> > > On 3/8/07, Jonatan Liljedahl <[EMAIL PROTECTED]> wrote:
> > >> Works great. But I don't think "others" should be able to write to the
> > >> cdrw, only users in 'cdrecord' group. So I suggest changing that to
> > >> 0660... (what would otherwise be the point with 'cdrecord' owning
> > >
> > > Biggest problem with 0660 is that normal users (not in the device's
> > > group) cannot listen to CDs!
> >
> > Hmm, most often the same users who should be able to burn CDs would
> > also listen to CDs (users with console access). Perhaps we should have
> > a 'console' group and make all devices physically attached to the system
> > writable by this group (cdrom, cdrw, audio, usb, etc...)?
> > And then the liveCD installer would default to putting new users in this
> > group...
>
> Can't we use the 'users' group instead, which already exists?
>
> > Or, we should use PAM? Doesn't PAM have support for automagically knowing
> > when a user logged in to the physical machine and not from the network? But
> > this would probably be a later thing to do...
>
> Yep.
>
> > But, if you choose to keep it 0666 then there's still no point in using
> > setgid or setuid on cdrdao or other software, since the device will be
> > writable for everyone anyhow!
>
> Makes sense. But what do we do with the 'cdrecord' group, then? Should
> we dump it and use 'console'/'users' instead? Suggestions?
>
I don't have the need for this type of fine-grained security, but
there might be people who do. One question that does come to mind is:
is there a reason others have to have write access? Why not use 0664?
I think the cdrecord group is a good solution if we should keep this security level.

-- 
/Jonas
_______________________________________________
gobolinux-devel mailing list
gobolinux-devel@lists.gobolinux.org
http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
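
The three modes discussed in this thread (0660, 0664, 0666), compared side by side. This is an added example, not code from the thread or from GoboLinux; it models the POSIX rule that exactly one permission class (owner, group or other) applies to a given user. The uids, gids and the root:cdrecord ownership are constructed assumptions.

```python
import stat

# Constructed identities for illustration (assumptions, not from the thread).
ROOT_UID = 0
CDRECORD_GID = 80   # hypothetical gid of the 'cdrecord' group
USERS_GID = 100     # hypothetical gid of the 'users' group


def access(mode, owner_uid, owner_gid, uid, gids):
    """Return (can_read, can_write) for a user on a device node.

    POSIX picks exactly one class: owner first, then group, then other.
    A group member never falls through to the 'other' bits.
    """
    if uid == 0:
        return (True, True)  # root is not limited by the mode bits
    if uid == owner_uid:
        r, w = stat.S_IRUSR, stat.S_IWUSR
    elif owner_gid in gids:
        r, w = stat.S_IRGRP, stat.S_IWGRP
    else:
        r, w = stat.S_IROTH, stat.S_IWOTH
    return (bool(mode & r), bool(mode & w))


def group_adds_privilege(mode):
    """True if group members get some bit that 'other' does not get."""
    group_bits = (mode >> 3) & 0o7
    other_bits = mode & 0o7
    return bool(group_bits & ~other_bits)


def compare(modes=(0o660, 0o664, 0o666)):
    """Evaluate each mode for a cdrecord member and a non-member."""
    member = (1000, {USERS_GID, CDRECORD_GID})   # constructed user
    non_member = (1001, {USERS_GID})             # constructed user
    return {
        m: {
            "member": access(m, ROOT_UID, CDRECORD_GID, *member),
            "non_member": access(m, ROOT_UID, CDRECORD_GID, *non_member),
            "group_matters": group_adds_privilege(m),
        }
        for m in modes
    }


if __name__ == "__main__":
    for mode, row in compare().items():
        print(f"{mode:04o}", row)
```

With 0666 the `group_matters` column is false, which is the point made above about the 'cdrecord' group and setgid helpers; 0664 is the only one of the three where non-members can read but not write.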
