On Wed, Apr 1, 2009 at 10:48 AM, J.C. Roberts <list-...@designtools.org>
wrote:
> On Wed, 1 Apr 2009 04:46:10 +0000 Jacob Meuser
> <jake...@sdf.lonestar.org> wrote:
>
>> On Tue, Mar 31, 2009 at 07:13:33PM -0700, OpenBSD wrote:
>> > Hello
>> >
>> > Could somebody please tell me how to use a dvd-rw as user?
>> > I'm trying to install Slackware using qemu, and the dvd does not
>> > work properly, it works well as root. I've tried adding the user to
>> > operator group, users group, and declaring it at fstab without
>> > optimum results.
>>
>> by default root can read and write /dev/rcd0c.  operator group can
>> only read.
>>
>> you need to be able to write to /dev/rcd0c to put a filesystem on
>> a cd/dvd.
>>
>> you can change the permissions on /dev/rcd0c or use sudo.
>
> Using sudo is a great way to handle this situation, but this depends
> on how much you trust the user, and whether or not you can properly
> configure /etc/sudoers with visudo.
>
> NOTE: Jake only said "change the permissions" but he did not say to
> change them permanently on disk. Of course, changing permissions
> permanently on disk is an option, but in many situations it is not
> the best option.
>
> If as root you fumble-finger the chown/chmod command on your devices,
> stuff a user into the wrong group, or don't fully understand all the
> esoteric issues involved in device permissions, you could easily be
> in a world of hurt.
>
> If you really want to go the route of changing permissions on a
> workstation, the best way to do it is using the existing features
> available in /etc/fbtab to change permissions on devices automatically
> and temporarily at user login and logout. See man fbtab for details.
>
> This exact situation of an unprivileged local user needing access to
> devices is the reason why fbtab exists.
>

Reading fbtab(5), it seems that it changes the device permissions
whenever any matching user logs in. So what happens if two users log
in (say, one on the first virtual term, one on the second)? Does the
second get control of all the devices and the first is just out of
luck? It seems a lot simpler to just chmod g+w on any devices you find
you need and make sure you're in the operator group (though don't
chmod g+w /dev/*, I did that once and things broke very badly I seem
to recall, though I don't remember details since I was more like
"shitshitfixfix").

What's the risk in doing it this way? The only thing I can see is that
if someone breaks into your account they can burn CDs remotely (or
overwrite any unmounted partitions) while you're not logged in which
is obviously so much more dangerous than someone breaking into your
account while you are logged in.

-Nick
