On Tue, 18 Jan 2005 15:51:08 -0500 (EST), fedora-list-request@xxxxxxxxxx <fedora-list-request@xxxxxxxxxx> wrote: Juliano Ravasi Ferraz <ml@xxxxxxxxxxxx> wrote: > Nifty Hat Mitch wrote: > > For the short term try running it with sudo and not setting it SUID. > > Sudo gives you some control over who can run it. SUID opens it wide. > > Dunno... A well written suid application is much more secure than the > same application with sudo. If I suid it, it means that anyone will be > able to, for example: `sudo cdrecord dev=/dev/hdc -data > /etc/ssh/ssh_host_key´ ... Oops... :-/ > > > It is possible (under properties for the icon) in many cases to add > > sudo to the command for the point and click iconic folks out there. You CANNOT run k3b as a normal user with cdrecord setuid root. How do I know? I had the same problem and posted to another list. The response that I got was that according to Linux Torvalds and Alan Cox, running cdrecord with the suid bit set is a serious security risk. If you let k3b set permissions for you, it WILL set the suid bit and you won't be able to run k3b as a normal user. Set the permissions bits manually: Here are mine: -rwx--x--x 1 root burning 329612 Oct 18 09:56 cdrecord cdrecord should be located in /usr/bin do a 'chmod 711 cdrecord' in /usr/bin Make sure that if you go into k3b setup, you uncheck the box beside the executable, so it won't change permissions and ignore any messages that the program gives you about permissions. As you will notice, I've also set up a "burning" group and you can tell k3b to use this group. You might also want to change cdrdao if you need to. Regards, Colleen
