Re: cd and dvd burning program K3b and permissions for non-root users.

[edwinculp]

First I would like to thank:

Oliver Fuchs [EMAIL PROTECTED]
E. Eusey [EMAIL PROTECTED] 
Oliver Fuchs [EMAIL PROTECTED]

For their excellent and similar suggestions for getting this to work and apologize for 
not answering quicker but I've been trying and trying to find the right combination.  
After applying and testing all individually, I still haven't been successful. 

The problem is that cd0 isn't recognized by k3b unless the user is root.  The only 
error I can find from k3b is:

k3b: (K3bDeviceManager) /dev/cd0 resolved to /dev/cd0
k3b: (K3bCdDevice) /dev/cd0: init()
k3b: (K3bCdDevice::ScsiCommand) open device  failed.
k3b: ERROR: (K3bCdDevice) Unable to do inquiry.

Perms are:

/dev # ls -l cd0 xpt0
crw-rw-rw-  1 root  operator4,  22 Aug 16 10:46 cd0
crw-rw-rw-  1 root  operator  229,   0 Aug 16 10:46 xpt0

I created a mount point directory for the plaza and added the entry in fstab and 
they can mount /dev/cd0 on their mount point.

/dev/cd0 on /home/plaza/cdrom (cd9660, local, nodev, nosuid,
read-only, mounted by plaza)

I set up sudo for camcontrol which works perfectly

ALL ALL = NOPASSWD: /sbin/camcontrol devlist

/home/plaza # camcontrol devlist
SONY CD-RW  CRX230ED 4YS1at scbus0 target 1 lun 0
(cd0,pass0)

I have set uid root on:

/usr/local/bin # ls -l cdrdao cdrecord
-rwsr-sr-x  1 root  wheel  510232 Aug 12 20:22 cdrdao
-rwsr-sr-x  1 root  wheel  254636 Aug 12 20:19 cdrecord

The plaza user can play audio with xmms but still can't use k3b.

If you have any ideas what I´m missing, they would be appreciated.

ed

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

cd and dvd burning program K3b and permissions for non-root users.

[Edwin Culp]

I've installed K3b and it works great for the root user but I
can't get it to work for any non-privileged user even though I
have put the user in the wheel group and have set sysctl
vfs.usermount=1, cd0 has permissions set to 666, the same in
devfs.conf (That solves the problem for xmms but not for k3b.  
I have tried to suid and kde won't let it start.  I'm out of
ideas.  After this much time, I'm sure that I'm making a
mountain out of a mole hill and I'm missing something very
simple.

Any help would be appreciated.  I can't see my users using burncd
;)

Thanks

ed

P.S. Machines are running current and are AMD Athlon
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cd and dvd burning program K3b and permissions for non-root users.

[E. Eusey]

On Friday 13 August 2004 02:19 pm, Edwin Culp wrote:
 I've installed K3b and it works great for the root user but I
 can't get it to work for any non-privileged user even though I
 have put the user in the wheel group and have set sysctl
 vfs.usermount=1, cd0 has permissions set to 666, the same in
 devfs.conf (That solves the problem for xmms but not for k3b.
 I have tried to suid and kde won't let it start.  I'm out of
 ideas.  After this much time, I'm sure that I'm making a
 mountain out of a mole hill and I'm missing something very
 simple.

Ugh.  It's been a while since I bashed my head against that particular brick 
wall.  Have you read through the pkg-message yet?  Type 'make showinfo' in 
the k3b port directory if you haven't.  You may have forgotten to give the 
necessary permissions to a certain SCSI device.

Evan Eusey


 Any help would be appreciated.  I can't see my users using burncd
 ;)

 Thanks

 ed

 P.S. Machines are running current and are AMD Athlon
 ___
 [EMAIL PROTECTED] mailing list
 http://lists.freebsd.org/mailman/listinfo/freebsd-questions
 To unsubscribe, send any mail to
 [EMAIL PROTECTED]
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cd and dvd burning program K3b and permissions for non-root users.

[Oliver Fuchs]

On Sat, 14 Aug 2004, edwinculp wrote:

 I've installed K3b and it works great for the root user but I can't get it to work 
 for any non-privileged user even though I have put the user in the wheel group and 
 have set sysctl vfs.usermount=1, cd0 has permissions set to 666, the same in 
 devfs.conf (That solves the problem for xmms but not for k3b.  I have tried to suid 
 and kde won't let it start.  I'm out of ideas.  After this much time, I'm sure that 
 I'm making a mountain out of a mole hill and I'm missing something very simple.
 
 Any help would be appreciated.  I can't see my users using burncd


See /usr/ports/sysutils/k3b/pkg-message:

[...]
3. k3b has to be started from a root console, which is not recommended.
   Alternatively do the following:
3a. set the suid flag on cdrecord and cdrdao. The 'Notes' the chapter of
'man cdrecord' discusses this.
3b. - install sudo (security/sudo) and add the following line or similar to
  sudoers (usually in /usr/local/etc/sudoers):
  ALL ALL = NOPASSWD: /sbin/camcontrol devlist
- or execute 'camcontrol devlist' For every user who should be able to use 
  k3b. Resolve all errors e.g by giving him/her access rights to /dev/xpt0.
  'camcontrol devlist' must run without error for all these users!
  Note that giving access rights to /dev/xpt* might be a security leak!
- or give camcontrol the suid flag, which is a security leak as well.
3c. - For every user who should be able to use k3b and for every CD or DVD
  device add a directory in the users home directory. These directories
  must be owned by the corresponding user. For each such directory add a
  line in /ect/fstab (see remark 2), like:
/dev/cd0c  /usr/home/XXX/cdrom  cd9660  ro,noauto,nodev,nosuid  0  0
  Furthermore allow user mounts as described in topic 9.22 of the FAQ:
  http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#USER-FLOPPYMOUNT
- or just give mount and umount the sudo flag, which is a security leak.
3d. - Every user who should be able to use k3b must have read and write access
  to all pass through devices connected with CD and DVD drives. Run
  'camcontrol devlist' to identify those devices (seek string 'passX' at
  the end of each line and modify the rights of /dev/passX). Note, that
  this is a security leak as well but that there is no alternative!
[...]

Oliver
-- 
... don't touch the bang bang fruit
___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

cd and dvd burning program K3b and permissions for non-root users.

[edwinculp]

I've installed K3b and it works great for the root user but I can't get it to work for 
any non-privileged user even though I have put the user in the wheel group and have 
set sysctl vfs.usermount=1, cd0 has permissions set to 666, the same in devfs.conf 
(That solves the problem for xmms but not for k3b.  I have tried to suid and kde won't 
let it start.  I'm out of ideas.  After this much time, I'm sure that I'm making a 
mountain out of a mole hill and I'm missing something very simple.

Any help would be appreciated.  I can't see my users using burncd


Thanks

ed

P.S. Machines are running current and are AMD Athlon

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: cd and dvd burning program K3b and permissions for non-root users.

[edwinculp]

 Chuck Swiger wrote:
  Edwin Culp wrote:
  I've installed K3b and it works great for the root user but I
 can't get it
  to work for any non-privileged user even though I have put the
 user in the
  wheel group and have set sysctl vfs.usermount=1, cd0 has
 permissions set to
  666, the same in devfs.conf (That solves the problem for xmms
 but not for k3b.
 
 I believe k3b runs dvd+rw-tools underneath, so you might consider
 making
 dvd+rw-tools setuid-root.  See the port's Makefile if you have
 questions.

Thanks, Chuck.  I saw that dvd+rw-tools wasn't installed so I checked the make file 
and found that it depends on:
   cdrecord:${PORTSDIR}/sysutils/cdrtools \
   cdrdao:${PORTSDIR}/sysutils/cdrdao

So I set the uid-root on cdrecord, readcd and cdrdao.  It still doesn't find cd0.  I 
must have missed one.  I'm going to keep looking.

Thanks again, I was sure that was it.

ed


___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

cd and dvd burning program K3b and permissions for non-root users.

[Ian Smith]

On Sat, 14 Aug 2004 [EMAIL PROTECTED] wrote:
[..]
  Message: 4
  Date: Sat, 14 Aug 2004 08:47:09 -0500
  From: edwinculp [EMAIL PROTECTED]
[..]
  
  I've installed K3b and it works great for the root user but I can't
  get it to work for any non-privileged user even though I have put the
  user in the wheel group and have set sysctl vfs.usermount=1, cd0 has
  permissions set to 666, the same in devfs.conf (That solves the
  problem for xmms but not for k3b.  I have tried to suid and kde won't
  let it start.  I'm out of ideas.  After this much time, I'm sure that
  I'm making a mountain out of a mole hill and I'm missing something
  very simple. 
 
  Any help would be appreciated.  I can't see my users using burncd
  
  
  Thanks
  
  ed
  
  P.S. Machines are running current and are AMD Athlon

I see you've not got this going yet.  I don't know about current but on
4.x, as well as vfs.usermount=1 you need to have non-root users mount
CDs on a directory that they actually own.  Might that be an issue here?

Cheers, Ian

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]