Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

[Joerg Schilling]

>From: Eric Lammerts <eric@xxxxxxxxxxxx>

>On Fri, 6 Aug 2004, Joerg Schilling wrote:
>> The CAM interface (which is from the SCSI standards group)
>> usually is implemeted in a way that applications open /dev/cam and
>> later supply bus, target and lun in order to get connected
>> to any device on the system that talks SCSI.
>>
>> Let me repeat: If you believe that this is a bad idea, give very
>> good reasons.

>With this interface, how do you grant non-root users access to a CD
>writer, but prevent them from directly accessing a SCSI harddisk?

On Linux, it is impossible to run cdrecord without root privilleges.
Make cdrecord suid root, it has been audited....

On Solaris, there is ACLs, RBAC & getppriv() / setppriv()

http://docs.sun.com/db/doc/816-5167/6mbb2jaeu?a=expand

Jörg

-- 
 EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
       js@xxxxxxxxxxxxxxx		(uni)  If you don't have iso-8859-1
       schilling@xxxxxxxxxxxxxxxxxxx	(work) chars I am J"org Schilling
 URL:  http://www.fokus.fraunhofer.de/usr/schilling ftp://ftp.berlios.de/pub/schily
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/