Gerardo Exequiel Pozzi <vmlinuz386@xxxxxxxxxxxx> wrote:
> On 01/28/2010 03:48 AM, Attila wrote:
> > I change the permissions in the install file in this way:
> > /bin/echo "Change Owner, Group and Permission to root.optical (4710) ..."
> >
> >
> Hi, don't need all root privileges/capabilities. Only cap_sys_admin,
> cap_sys_rawio for some special SCSI commands and cap_sys_resource for
> incresing resource limits.
>
> setcap cap_sys_admin,cap_sys_rawio,cap_sys_resource+ep /usr/bin/cdrecord
>
> thats all ;)
Mostly correct, but most Linux distros do not include the needed features that
would allow to set these privileges.
Cdrecord needs on Solaris:
privs=file_dac_read,sys_devices,proc_lock_memory,proc_priocntl,net_privaddr
It would need the same on Linux and in addition the permission to send _any_
SCSI commands.
Readcd needs: privs=file_dac_read,sys_devices,net_privaddr
Cdda2wav needs: privs=file_dac_read,sys_devices,proc_priocntl,net_privaddr
Once there is support in more than a turkish Linux distro, I will add support
for the Linux fine grained privileges.
So what gives on Linux:
file_dac_read Permission to open any device file
sys_devices Permission to send anc SCSI command
proc_lock_memory Lock into memory
proc_priocntl Increase priority
net_privaddr Allow ports < 1024, needed for RSCSI
Jörg
--
EMail:joerg@xxxxxxxxxxxxxxxxxxxxxxxxxxx (home) Jörg Schilling D-13353 Berlin
js@xxxxxxxxxxxxxxx (uni)
joerg.schilling@xxxxxxxxxxxxxxxxxxx (work) Blog: http://schily.blogspot.com/
URL: http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
