Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices

From: Alan Cox
Date: Mon Aug 09 2004 - 09:05:24 EST

Next message: Jesper Juhl: "Re: About e1000 driver"
Previous message: Marcelo Tosatti: "Re: [PATCH][2.6] Completely out of line spinlocks / x86_64"
In reply to: Måns Rullgård: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Next in thread: Jens Axboe: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Llu, 2004-08-09 at 13:24, Joerg Schilling wrote:
> On Linux, it is impossible to run cdrecord without root privilleges.
> Make cdrecord suid root, it has been audited....

Wrong. Although in part that is a bug in the kernel urgently needing
a fix.

> On Solaris, there is ACLs, RBAC & getppriv() / setppriv()
>
> http://docs.sun.com/db/doc/816-5167/6mbb2jaeu?a=expand

and Linux has capabilities, ACLs and SELinux rulesets which can
also be used to manage this. I can give the cd burner a role that
permits it certain things.

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Jesper Juhl: "Re: About e1000 driver"
Previous message: Marcelo Tosatti: "Re: [PATCH][2.6] Completely out of line spinlocks / x86_64"
In reply to: Måns Rullgård: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Next in thread: Jens Axboe: "Re: PATCH: cdrecord: avoiding scsi device numbering for ide devices"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]