On 3/12/07, Jonatan Liljedahl <[EMAIL PROTECTED]> wrote: > I thought some more about this and this is my final suggestion: > * Create a 'console' group > * Put new users in this group by default > * Let all device nodes of physical media stuff (cdrw, audio, camera, > lp?, etc...) be owned by this group and be group writable (0664). > * Keep cdrdao, cdrecord, growisofs and all with plain permissions, > owned by root.root, no setuid or setgid bits. > > The problem with setgid'ing cd burning apps is: > * you would have to keep track of which software needs this and > maintain this in their recipes and packages. > * some software would do other stuff as 'cdrecord' group, i.e. > outputting files (ripping a CD with cdrdao) which would then be owned by > 'cdrecord' group, kind of strange... > > Also, using a single 'console' group is consistent and simple, merging > access to common hardware to a single group, instead of having > 'cdrecord', 'audio', 'printing', 'camera', etc...
Sorry for the late reply. Indeed, this seems to be the best way to go. I'm commiting fixes to our tools right now. Cheers, -- Lucas powered by /dev/dsp _______________________________________________ gobolinux-devel mailing list [EMAIL PROTECTED] http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
