Re: cdrdao insecure filehandling

From: martin f krafft (madduckat_private)
Date: Wed Jan 16 2002 - 05:49:13 PST

also sprach Anthony DeRobertis <asdat_private> [2002.01.15.1312 +0100]:
> dpkg-statoverride --update --add root root 0755 /usr/bin/cdrdao
>
> This tells dpkg that cdrdao is not to be suid root anymore, at least until
> you change or delete that override.

but then you have to be root to burn CDs. there is a reason why cdrdao
is setuid - it needs access to root-owned device files like /dev/scd0
and /dev/sg0 (on Linux that is).

i believe the right solution is to create a new group just for that, and
chgrp these device files to that group. then cdrdao works non-setuid,
and you have user-level control over who should be able to use the
burner, and who shouldn't.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

"when I was a boy I was told
 that anybody could become president.
 now i'm beginning to believe it."
                                                    -- clarence darrow
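The group-based alternative proposed above (dedicated group, chgrp the device nodes, drop the setuid bit via the override quoted from the earlier message) is easy to get half-done, so an audit helps. The following is an added example, not code from the thread: shell functions that check a burner binary is no longer setuid and that each device node is group-owned by the burner group with no world access, plus a function that prints the remediation commands for review. The group name `cdburn`, the `BURN_GROUP` variable and the function names are assumptions; the post names only /dev/scd0 and /dev/sg0 as examples of root-owned device files.

```shell
#!/bin/sh
# Added example (not from the original post): audit helpers for running
# cdrdao non-setuid with a dedicated device group, as the message suggests.
# The group name "cdburn" is an assumption; the post does not name one.

BURN_GROUP="${BURN_GROUP:-cdburn}"

# Print the group that owns a file (ls output is portable across GNU and BSD).
file_group() {
    ls -ld "$1" | awk '{ print $4 }'
}

# Return 0 if the file has the setuid bit set (POSIX test -u).
is_setuid() {
    [ -u "$1" ]
}

# Return 0 if "others" have no r/w/x bits: columns 8-10 of the ls mode string.
no_world_access() {
    ! ls -ld "$1" | cut -c8-10 | grep -q '[rwx]'
}

# Audit one device node: group-owned by BURN_GROUP and closed to everyone else.
# Prints one finding per failed check; returns 0 only when clean.
check_device() {
    dev="$1"; rc=0
    if [ ! -e "$dev" ]; then
        echo "MISSING  $dev"; return 1
    fi
    if [ "$(file_group "$dev")" != "$BURN_GROUP" ]; then
        echo "GROUP    $dev owned by group $(file_group "$dev"), expected $BURN_GROUP"; rc=1
    fi
    if no_world_access "$dev"; then :; else
        echo "WORLD    $dev is accessible by others"; rc=1
    fi
    return $rc
}

# Audit the binary: after the dpkg override it must no longer be setuid.
check_binary() {
    if is_setuid "$1"; then
        echo "SETUID   $1 still has the setuid bit"; return 1
    fi
    return 0
}

# Full audit: the binary followed by every device node it needs.
audit_burner() {
    bin="$1"; shift; rc=0
    check_binary "$bin" || rc=1
    for d in "$@"; do
        check_device "$d" || rc=1
    done
    return $rc
}

# Remediation to run as root, printed rather than executed so it can be reviewed:
# create the group, hand the device nodes to it, and apply the override from the thread.
print_remediation() {
    bin="$1"; shift
    echo "groupadd $BURN_GROUP"
    for d in "$@"; do
        echo "chgrp $BURN_GROUP $d"
        echo "chmod 0660 $d"
    done
    echo "dpkg-statoverride --update --add root root 0755 $bin"
}

# Usage on a real system (assumed paths from the thread):
#   audit_burner /usr/bin/cdrdao /dev/scd0 /dev/sg0 || print_remediation /usr/bin/cdrdao /dev/scd0 /dev/sg0
```

Users who should be allowed to burn are then added to the group; everyone else gets a permission error from the kernel instead of a code path running as root.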



    This archive was generated by hypermail 2b30 : Wed Jan 16 2002 - 18:29:21 PST