Re: /etc/cdrecord.conf
On 28 Nov 2001, Joerg Schilling wrote: > Then I must ask you (or the ReaHat people) why the hell did they > change this into a nonstandard location? > > It only creates confusion Very true. The better question is why RedHat doesn't comply with the FHS and LSB [ http://www.linuxbase.org/test/results/ ]... RedHat is not known for using standards compliant locations. It still uses /usr/man for man pages when the FHS calls for /usr/share/man. Solving this problem is a one-line configuration line change too (in /etc/rpm/macros). That's why I use SuSE... -- Karol Pietrzak PGP KeyID: 3A1446A0 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: CDRecord-ProDVD
ProDVD version can be obtained only speaking with Joerg. You may want to try my (free) version of dvd support from http://www.abcpages.com/~mache/cdrecord-dvd.html. For DVD+RW take a look at http://fy.chalmers.se/~appro/linux/DVD+RW/ mache On Wed, 28 Nov 2001, Karl Bellve wrote: > > I am looking at getting a Pioneer DVD-R A03 to supplement our CD-R > drive. It will be used on a Linux storage, serving other computers. I > have had very good success with cdrecord/mkiosfs on a Linux system and a > Yamaha SCSI cd-r drive. > > I can't find any information about why I should get CDRecord-ProDVD and > why is it different from the normal CDRecord program. > > Any opinions on the new HP dvd100i? > > > > > > > -- > Cheers, > > > > Karl Bellve, Ph.D. ICQ # 13956200 > Biomedical Imaging Group TLCA# 7938 > University of Massachusetts > Email: [EMAIL PROTECTED] > Phone: (508) 856-6514 > Fax: (508) 856-1840 > PGP Public key: finger [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
yeah, i did have an input from jorg's find, it was relativly small, only a few lines, mostly password and Xserver stuff... i never knew they ran suid, you learn somethign every day. i set the /dev/sg devices to be group owned by cdwriter simply because it is a scsi emulation.. its an atapi cdwriter so its not like someone will come along and add a scsi hard drive all of a sudden. i would maybe consider running cdrtools suid and set it to be owned by cdwriter group so that only they can use it i am settign up a linux from scratch system, and everywhere i read, suid is dangerous, so i figured this as an alternative. but about suid... if i run cdrtools suid, and a priveleged user runs mkisofs, and chooses to read directories they are not allowed to read... will it throw back an error? or save the iso image to a directory they dont have write priveledges in...to be honest i dont understand suid, i have been warned about it, so i stay away. Sam, Ireland _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
Karl-Heinz Herrmann <[EMAIL PROTECTED]> wrote: > > You most likely meant 'find / -perm -4000 -ls' > > I did mean: > find / -perm +4000 -ls > > and it does work with +1000 just as well -- seems I've no sticky bits set but > lots of suid bits and some with suid and sgid bits which a -4000 does not > catch as far as I know. Since you're looking for a single (04000) bit, the difference between -4000 (all bits must be on) and +4000 (any one of the bits must be on) is pretty subtle ;-) I have no idea how you would catch anything with +1000, "of of the set bits on" would still only test the sticky bit. -- -bill davidsen ([EMAIL PROTECTED]) "The secret to procrastination is to put things off until the last possible moment - but no longer" -me -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
CDRecord-ProDVD
I am looking at getting a Pioneer DVD-R A03 to supplement our CD-R drive. It will be used on a Linux storage, serving other computers. I have had very good success with cdrecord/mkiosfs on a Linux system and a Yamaha SCSI cd-r drive. I can't find any information about why I should get CDRecord-ProDVD and why is it different from the normal CDRecord program. Any opinions on the new HP dvd100i? -- Cheers, Karl Bellve, Ph.D. ICQ # 13956200 Biomedical Imaging Group TLCA# 7938 University of Massachusetts Email: [EMAIL PROTECTED] Phone: (508) 856-6514 Fax: (508) 856-1840 PGP Public key: finger [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
>From [EMAIL PROTECTED] Wed Nov 28 17:38:11 2001 >On 28-Nov-01 Joerg Schilling wrote: >>>find / -perm +1000 on your system does produce not even *one* file? > >> 1) you don"t really mean 1000 which is the sticky bit? >I used the plus meaning "this value or higher" i.e. including suid and sgid There is no such meaning of the -perm parameter! See: http://www.opengroup.org/onlinepubs/7908799/xcu/find.html You are using a nonstandard "find" :-( >But much more interesting: >How is the cdrecord implementation of the suid privileges? Does it run with >full privileges only for the necessary operations (like scheduling and >/dev/sgX access) and otherwise with the permissions of the user? >I think I can remember some comment in the cdrecord documentation which more >or less states that cdrecord is at least "well behaved" set suid root and >your suggested way of installing it. Please read the man page Jörg EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) If you don't have iso-8859-1 [EMAIL PROTECTED] (work) chars I am J"org Schilling URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
On 28-Nov-01 Joerg Schilling wrote: >>find / -perm +1000 on your system does produce not even *one* file? > 1) you don"t really mean 1000 which is the sticky bit? I used the plus meaning "this value or higher" i.e. including suid and sgid > 2) find / -perm +onum is not a valid find command line > If your find accepts it, it is broken. the "o" is a mistyping: > You most likely meant 'find / -perm -4000 -ls' I did mean: find / -perm +4000 -ls and it does work with +1000 just as well -- seems I've no sticky bits set but lots of suid bits and some with suid and sgid bits which a -4000 does not catch as far as I know. But much more interesting: How is the cdrecord implementation of the suid privileges? Does it run with full privileges only for the necessary operations (like scheduling and /dev/sgX access) and otherwise with the permissions of the user? I think I can remember some comment in the cdrecord documentation which more or less states that cdrecord is at least "well behaved" set suid root and your suggested way of installing it. K.-H. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
>From: Karl-Heinz Herrmann <[EMAIL PROTECTED]> >Just out of curiosity: >find / -perm +1000 on your system does produce not even *one* file? >How do you run your xserver? 1) you don"t really mean 1000 which is the sticky bit? 2) find / -perm +onum is not a valid find command line If your find accepts it, it is broken. You most likely meant 'find / -perm -4000 -ls' Jörg EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) If you don't have iso-8859-1 [EMAIL PROTECTED] (work) chars I am J"org Schilling URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
On 28-Nov-01 Sam Halliday wrote: > but is it still ok for me to install cdrecord normally (not superuser id'd) > and allow priveledged users the ownership of the relevant /dev/sg devices? It would also be ok to only set suid (i.e. chmod 47xx) without setting sgid (set group id) as I understand Jörg. Certainly you can set the device permissions -- but if for some reason the scsi chain changes the same device could suddenly by your harddrive which then is completely unprotected from direct access. cdrecord at least would check if it's indeed talking to a cdrom drive. > cheers anyway, ill just settle for my setup as it is... i certainly dont > want to hand out sceduling priority to normal users! and i am intent on > never installing anything suid or sqid Just out of curiosity: find / -perm +1000 on your system does produce not even *one* file? How do you run your xserver? SUID (or sgid) is not bad as such -- but one should indeed carefully think about what is allowed to become SUID root. K.-H. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
BeOS portability for cdrecord / star / ...
Hi all, Heiko and I are currently trying to make cdrtools compile and run again on BeOS. Is there anybody out who owns an old BeOS installation where an old version of cdrecord did compile? The reason is that we like to change the files in a way that will not break anything on old versions while being still able to compile on a recent release. Jörg EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) If you don't have iso-8859-1 [EMAIL PROTECTED] (work) chars I am J"org Schilling URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
but is it still ok for me to install cdrecord normally (not superuser id'd) and allow priveledged users the ownership of the relevant /dev/sg devices? i thought that was the safest option ... then anyone can run cdrecord, but they get a priveledges error if they do anythign they arnt suppossed... to like save an iso in the wrong place, scan the scsi bus or burn/erase a cd. the only problem i have with this setup is that these priveledged users get the sceduling wanrning... but is is just a warning, ive had no cd buring problems at all, and i am of the philosophy that when you are writing a cd, you shoudl go away from teh computer and make a cup of tea (or coffee), or have a pint, so there is nothign running in the background aiding a buffer problem anyway. cheers anyway, ill just settle for my setup as it is... i certainly dont want to hand out sceduling priority to normal users! and i am intent on never installing anything suid or sqid Sam, Ireland _ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
Zitat von Joerg Schilling <[EMAIL PROTECTED]>: > Don"t install cdrecord SIGD, and (more iportant) don"t tell people to > do so Why not? What's so bad about cdrecord being SGID? Alexander Skwar -- How to quote: http://learn.to/quote (de) http://quote.6x.to (en) Homepage: http://www.digitalprojects.com | http://www.iso-top.de iso-top.de - Die günstige Art an Linux Distributionen zu kommen -- - This mail sent through IMP: http://horde.org/imp/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
>From: Karl-Heinz Herrmann <[EMAIL PROTECTED]> >On 27-Nov-01 Alexander Skwar wrote: >> So sprach »Sam Halliday« am 2001-11-27 um 16:49:31 + : >>> which device must i allow them to use in order that this scheduler can be >>> utilised in cdrecord, and thus preventing buffer underruns under certain >>> circumstances? >cdrecord has to be set UID root (or run as root) as far as I know for real >time scheduling. No normal user process is allowed to increase its priority >above default (nice level 0). > >> I have the same setup (Mandrake) as you, and those are my permissions: >> >> [askwar@teich RPM]$ ls -la /usr/bin/cdrecord /dev/scd0 >> brw-rw1 askwar cdwriter 11, 0 Aug 30 11:54 /dev/scd0 >> -rwsr-s---1 root cdwriter 183324 Aug 2 20:56 /usr/bin/cdrecord* > ^ ^ >these "s" say its suid root, which means cdrecord will run with the >priviledges of the owner and group of the *file* instead of the ones of the >user starting it. In this case user "root", group "cdwriter". >Only this in that above example is that only root and members of cdwrite are >allowed to execute it. If you don't belong to that group it will not run at >all. Depending on the system (single user, multi user in a shared >environment/office) changing the permissions to: >chmod 6755 /usr/bin/cdrecord Don"t install cdrecord SIGD, and (more iportant) don"t tell people to do so Jörg EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) If you don't have iso-8859-1 [EMAIL PROTECTED] (work) chars I am J"org Schilling URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
>From: Alexander Skwar <[EMAIL PROTECTED]> >So sprach =BBSam Halliday=AB am 2001-11-27 um 16:49:31 + : >> which device must i allow them to use in order that this scheduler can be= >=20 >> utilised in cdrecord, and thus preventing buffer underruns under certain= >=20 >> circumstances? >I have the same setup (Mandrake) as you, and those are my permissions: >[askwar@teich RPM]$ ls -la /usr/bin/cdrecord /dev/scd0=20 >brw-rw1 askwar cdwriter 11, 0 Aug 30 11:54 /dev/scd0 >-rwsr-s---1 root cdwriter 183324 Aug 2 20:56 /usr/bin/cdrecord* You should not install cdrecord or any tool from cdrtools "sgid". While cdrecord/cdda2wav/readcd/mkisofs are prepared to work in a SUID einvironment, there is nothing that handles SGID. Installing SGID causes security problems (see man pages..) Jörg EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) If you don't have iso-8859-1 [EMAIL PROTECTED] (work) chars I am J"org Schilling URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Key2Audio
>From: Johan Vromans <[EMAIL PROTECTED]> >> This Key2audio protection DOES NOT WORK. I've just bought a SONY MUSIC >> audio cd which is Key2audio protected (last album of Ozark Henry). >> [...] >> There was an eleventh track which was recognized as data by WinOnCD. All I >> did was not dropping it with the audio tracks in the tracks windows of the >> soft. >It is a multi-session CD. The first session contains the audio tracks. >The second session contains a small data track (probably with >irrelevant contents). The CD is left open, which is what confuses CD >readers in PCs. I once accidentally produced and audio CD that was >left open, and it confused the ordinary CD players as well (after >playing the last track they got confused). So I think the 2nd session >is to prevent audio players from running into problems. >Funny thing is that, if your system provides image copying of audio >CDs, everything is copied okay but the copied CD is no longer copy >protected. Most of these broken disks (non-CD's) will be read in wihtout problems using cdda2wav from cdrtools-1.11a12 Jörg EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) If you don't have iso-8859-1 [EMAIL PROTECTED] (work) chars I am J"org Schilling URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
Zitat von Joerg Schilling <[EMAIL PROTECTED]>: > Mmmm PAM is Pluggable Authentication Mudule and is a Sun invention > for Solaris from around 1990. Yes, I know. I simply didn't know that PAM does do that. Thanks anyhow. Alexander Skwar -- How to quote: http://learn.to/quote (de) http://quote.6x.to (en) Homepage: http://www.digitalprojects.com | http://www.iso-top.de iso-top.de - Die günstige Art an Linux Distributionen zu kommen -- - This mail sent through IMP: http://horde.org/imp/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: /etc/cdrecord.conf
>From [EMAIL PROTECTED] Wed Nov 28 08:56:53 2001 >On Mon, 26 Nov 2001, Joerg Schilling wrote: >> >From: Danilo Godec <[EMAIL PROTECTED]> >> >> >On Mon, 26 Nov 2001, Danilo Godec wrote: >> >> >I got it... /etc/default/cdrecord is the location now... >> >> It never was at a different place. >Sure it was. And it is again. > D. >PS: I'm not saying YOU placed it there, but on my RedHat the file WAS >/etc/cdrecord.conf. And now that I got used to it, I've put it back >there... Then I must ask you (or the ReaHat people) why the hell did they change this into a nonstandard location? It only creates confusion Jörg EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) If you don't have iso-8859-1 [EMAIL PROTECTED] (work) chars I am J"org Schilling URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: priveledges
>From: Alexander Skwar <[EMAIL PROTECTED]> >So sprach =BBDenis Pelletier=AB am 2001-11-27 um 12:23:45 -0500 : >> The "magic" is called pam. I doubt that it's exclusive to Mandrake. >Oh, pam does that? Didn't know that, because I didn't care about it :) >You're right, pam certainly isn't anything Mandrake-special. Mmmm PAM is Pluggable Authentication Mudule and is a Sun invention for Solaris from around 1990. Jörg EMail:[EMAIL PROTECTED] (home) Jörg Schilling D-13353 Berlin [EMAIL PROTECTED] (uni) If you don't have iso-8859-1 [EMAIL PROTECTED] (work) chars I am J"org Schilling URL: http://www.fokus.gmd.de/usr/schilling ftp://ftp.fokus.gmd.de/pub/unix -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
