Re: xcdroast and k3b non-root permissions?

Matthew Rex wrote:
On Tue, 2005-03-29 at 06:41, Markku Kolkka wrote:

Paul Howarth wrote in his message (sent Monday, 28 March 2005 18:58):

What should be happening now is that
/etc/security/console.perms and the fstab entry for your cd
writer should ensure that the ownership of the device is set
to the currently-logged-in user, and that's not happening

The problem seems to be that Matthew is logging in remotely by ssh, so pam_console doesn't get activated.


If I log in as non-root user I get:

lrwxrwxrwx  1 root root     3 Mar 28 21:25 /dev/cdrom -> hdc
lrwxrwxrwx  1 root root     3 Mar 28 21:25 /dev/cdwriter -> hdc
brw-rw----  1 root disk 22, 0 Mar 28 21:25 /dev/hdc

/etc/fstab has:
/dev/hdc /media/cdrecorder auto pamconsole,exec,noauto,fscontext=system_u:object_r:removable_t,managed 0 0

When you say you "log in", is this directly on the system itself, or by ssh?

I'm a bit lost with this pamconsole stuff. Do I need a "pam-tty" sort of
equivalent in there as well? I can't find these in the "man mount".

Are the permissions supposed to get set when you log in or only when you
(or a process running under your login) tries to access the device?
Hopefully the latter?

The ownership of the device is set to be that of the person logged in *on the console* because that is the person that will have physical access to the device. There would be no point at all in setting up permissions on a device-access basis because you might as well just make the permissions 777 and let anyone write to it whenever they wanted, which would be a security issue.


For what it's worth: I used to use xcdroast compiled for non-root use
with RH7.3 via ssh/X11forwarding all the time...

If you want to do CD-burning from a remote machine, you probably need to "unmanage" the device (remove the pamconsole and managed terms from the fstab entry) so that pam does not change the ownership of the device, and write a custom udev rule/permissions entry to set the device up with the permissions you want.


You can read about udev in Fedora at:
http://fedora.redhat.com/docs/udev/

Paul.
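
The "unmanage" step suggested above, as an added example that is not part of the original message or of any Fedora tool: it strips the pamconsole and managed options from an fstab entry and prints a udev rule that restricts the device node to one dedicated group. The group name `cdwriters` is hypothetical, and the rule uses current udev match syntax, which is an assumption and may differ from the udev shipped at the time of this thread.

```shell
#!/bin/sh
# Added example (not from the thread).

# Remove the pam_console hooks ("pamconsole" and "managed") from the options
# field (4th column) of one fstab line; every other option is kept in order.
unmanage_fstab_line() {
    printf '%s\n' "$1" | awk '
        # Comments and short lines are passed through untouched.
        NF < 4 || $1 ~ /^#/ { print; next }
        {
            n = split($4, opts, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                if (opts[i] == "pamconsole" || opts[i] == "managed") continue
                if (out == "") out = opts[i]
                else out = out "," opts[i]
            }
            # An empty options field is invalid in fstab.
            if (out == "") out = "defaults"
            $4 = out
            print
        }'
}

# Print a udev rule granting read/write on the node to a single group only
# (mode 0660, no world access), rather than opening the device to everyone.
# $1 = kernel device name, $2 = group name (both chosen by the caller).
# Assumption: current udev "==" match syntax.
udev_rule_for() {
    printf 'KERNEL=="%s", GROUP="%s", MODE="0660"\n' "$1" "$2"
}

# Constructed sample: the fstab entry quoted in the thread.
SAMPLE='/dev/hdc /media/cdrecorder auto pamconsole,exec,noauto,fscontext=system_u:object_r:removable_t,managed 0 0'

unmanage_fstab_line "$SAMPLE"
udev_rule_for hdc cdwriters   # "cdwriters" is a hypothetical group
```

Only users added to the chosen group can then open the writer over ssh, and pam_console no longer resets its ownership at console login.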

