Zugriffsrechte XCDRoast

Post Reply
Message
Author
Patrick

Zugriffsrechte XCDRoast

#1 Post by Patrick »

Hallo Leute!

Kann mir jemand sagen wie ich die Zugriffsrechte der einzelnen Dateien von XCDRoast (Version 0.98 beta 7) unter Suse 7.1 zuordnen muß, ich möchte die Nonroot-Funktion nutzen. Bin echt verzweifelt. Hab in Bücher und im Netz nicht die funktionierenden Zuordnungen gefunden!

Viele Dank für eure Hilfe.

Patrick

Michael

Re: Zugriffsrechte XCDRoast

#2 Post by Michael »

Hi!
Hier ein Auszug aus der Doku zu XCDroast:

We have to create a new group "cdwrite".
Note: YOU DO NOT PUT ANY USERS INTO THAT GROUP. This was common error
people did for alpha7. Do not change any group for any user.
Just create this group. Nothing more.


DO NOT CHANGE THE GENERIC SCSI DEVICES!
If you had made them writeable for group cdwrite for alpha7, do restore
their permissions NOW!

chgrp sys /dev/sg* (or whatever group they were..)
chmod 600 /dev/sg*

X-CD-Roast becomes now set-gid cdwrite, which allows access to all
cdrecord-tools. Because all cdrecord-tools are suid-root, they have
full access to the generic-scsi-devices.

X-CD-Roast can now decide which user is allowed to burn, by checking the
configuration the root user created. Details about this later...


Setting the permissions
-----------------------

Please install cdrecord-1.9 now. You can copy the binaries
to $PREFIX (e.g. /usr/bin or /usr/local/bin) or to the library-directory
of xcdroast (e.g. /usr/local/lib/xcdroast-0.98/bin). X-CD-Roast will look
in both dirs. This is described in detail in the README-file.


As result you may have an installation like that:

-rwxr-xr-x 1 root root 168828 Aug 8 20:17 /usr/local/bin/cdrecord
-rwxr-xr-x 1 root root 169308 Aug 8 20:17 /usr/local/bin/cdda2wav
-rwxr-xr-x 1 root root 324220 Aug 8 20:17 /usr/local/bin/mkisofs
-rwxr-xr-x 1 root root 90812 Aug 8 20:17 /usr/local/bin/readcd

In Linux the generic-scsi-devices should look like this:
(Most possible this does look different on non-linux-systems.
The non-root-mode was only tested on Linux and may not work
on other systems yet.)

crw------- 1 root sys 21, 2 Aug 24 11:00 /dev/sg0
crw------- 1 root sys 21, 2 Aug 24 11:00 /dev/sg1
crw------- 1 root sys 21, 2 Aug 24 11:00 /dev/sg2
...

If the generic-devices look different for you (e.g. still with group
"cdwrite" and read/write able for group), the please restore the
permission as shown above)


Now run the following commands to set the special permissions needed
for X-CD-Roast:

/usr/sbin/groupadd cdwrite
chown root:cdwrite cdrecord cdda2wav mkisofs readcd
chmod 4710 cdrecord cdda2wav mkisofs readcd

(Adds a new group "cdwrite" to the system and makes all the cdrecord-
binaries only runable by root or somebody in the cdwrite group)

This is the result:

-rws--x--- 1 root cdwrite 169308 Aug 8 20:17 /usr/local/bin/cdda2wav
-rws--x--- 1 root cdwrite 168828 Aug 8 20:17 /usr/local/bin/cdrecord
-rws--x--- 1 root cdwrite 324220 Aug 8 20:17 /usr/local/bin/mkisofs
-rws--x--- 1 root cdwrite 90812 Aug 8 20:17 /usr/local/bin/readcd


Any users which are in group cdwrite can now start all the cdwriting-tools.
(Again, for X-CD-Roast it is not necesary to put any users manually into
the cdwrite group! X-CD-Roast does handle that with the sgid-bit)

Therefore all we have to do, is to put xcdroast into that group and we are
fine. This is done with the following commands:

chown root:cdwrite xcdrgtk
chmod 2755 xcdrgtk

(Alternatively you can do a "make perms" which does set this permissions
automatically after a "make install" was done.)


Usage of the non-root-mode
--------------------------

After X-CD-Roast was installed and all the permissions set correctly,
it can be started.
The first time root have to start it, to create the root-configuration-file
/etc/xcdroast.conf. Without this file, a normal user will get an error
message.

Root gets a new menu in setup, which allows to define which users can
start X-CD-Roast on which hosts. There is also the possibiliy to define
how much a user is allowed to change in the setup-menu.
Its possible that a normal user should not be able to change the
cdwriter-device or the directory where image-files are created in. These
settings apply to ALL allowed users.
Please see the tooltip-help for a detailed description of each option.

After root saved the configuration, all normal users (which have
got permission by root via the setup) can start up X-CD-Roast.
If root denied them access to some options in the setup, then this
options are greyed out, and cannot be changed.

Viel Erfolg!

Post Reply