home *** CD-ROM | disk | FTP | other *** search
- cdrdao for Debian
- -----------------
-
- 1. Running cdrdao as a non-root user
-
- In the past, cdrdao has been installed setuid root. Due to security issues, this
- was removed.
-
- Such security issues probably still remain at this time. If you make cdrdao
- setuid, then it is likely it can be leveraged to gain full shell access to the
- relevant uid. To make this firmly clear, cdrdao will drop setuid root privileges
- on startup.
-
- In order to allow regular users to run cdrdao, you can grant them access to the
- relevant device nodes. If you're using scsi emulation or a genuine scsi burner,
- this will probably be a /dev/scd and a /dev/sg node - for device 0,1,0,
- /dev/scd1 and /dev/sg1. This will grant access to all users in the cdrom group:
-
- chgrp cdrom /dev/scd1 /dev/sg1
- chmod g+rw /dev/scd1 /dev/sg1
-
- If you're using the ATAPI packet writing interface in linux 2.6, it'll just be
- /dev/hdc or similar, and the installer probably already set this up for you.
-
- Then use "adduser user cdrom" to add the users to the cdrom group.
-
- One side-effect of this is that cdrdao will not run with real-time priority.
- There is currently no easy, safe way to grant this. With a modern CD writer, it
- probably won't matter, but it may cause buffer underruns if the system is under
- significant load while burning. If this really bothers you, use sudo to run
- cdrdao, and be aware that any user who can run cdrdao can probably gain root if
- they really want to.
-
- 2. toc2mp3
-
- The toc2mp3 utility provided in the cdrdao source requires lame in order to
- work. For legal reasons, lame is not included in Debian, so toc2mp3 is not
- included either.
-
- -- Andrew Suffield <asuffield@debian.org> Thu, 24 Nov 2005 22:24:24 +0000
-
