From: Chí-Thanh Christopher Nguyễn
Date: Sat, 28 Jan 2012 02:28:04 +0100
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] useless set*id binaries
Message-ID: <4F234F24.6000408@gentoo.org>
In-Reply-To: <201201271914.45638.vapier@gentoo.org>

Mike Frysinger wrote:
> along these lines, why is cdrtools set*id ? if we have a "cdrom" group, and
> we assign our cdroms/dvdroms to that group, then we already have access
> control in place and can skip the set*id.
> -mike

From the manpage, "In order to be able to use the SCSI transport
subsystem of the OS, run at highest priority and lock itself into core
cdrecord either needs to be run as root, needs to be installed suid root
or must be called via RBACs pfexec mechanism."

I guess with the advent of burnfree technology, the priority and locking
into memory have become less important.

The cdrom group will give access to /dev/sr* but not the associated /dev/sg*

Best regards,
Chí-Thanh Christopher Nguyễn
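
The reply's last point can be checked on a given machine. The script below is an added example, not part of the original message or of cdrtools: it pairs each /dev/sr* node with its SCSI generic node and reports whether group and mode agree. It assumes the Linux sysfs layout in which /sys/block/srN/device/scsi_generic/ names the sg node, and GNU `stat`; the function names and the SYS_ROOT/DEV_ROOT overrides are hypothetical.

```shell
#!/bin/sh
# Added example: compare each optical drive node with its SCSI generic node.
# SYS_ROOT and DEV_ROOT are hypothetical overrides so the check can also be
# run against a constructed directory tree instead of the live system.
SYS_ROOT="${SYS_ROOT:-/sys}"
DEV_ROOT="${DEV_ROOT:-/dev}"

# Print "group mode" for a node, e.g. "cdrom 660" (GNU stat assumed).
node_perms() {
    stat -c '%G %a' "$1"
}

# Print the sgN name that sysfs associates with block device $1 (e.g. sr0).
sg_for_sr() {
    for d in "$SYS_ROOT/block/$1/device/scsi_generic"/sg*; do
        [ -e "$d" ] && basename "$d" && return 0
    done
    return 1
}

# One line per drive: "srN sgM match|differ", "srN sgM missing-node",
# or "srN - no-sg" when the sg driver exposes no node for the drive.
audit_optical() {
    for b in "$SYS_ROOT"/block/sr*; do
        [ -e "$b" ] || continue
        sr=$(basename "$b")
        if ! sg=$(sg_for_sr "$sr"); then
            echo "$sr - no-sg"
            continue
        fi
        if [ ! -e "$DEV_ROOT/$sr" ] || [ ! -e "$DEV_ROOT/$sg" ]; then
            echo "$sr $sg missing-node"
        elif [ "$(node_perms "$DEV_ROOT/$sr")" = "$(node_perms "$DEV_ROOT/$sg")" ]; then
            echo "$sr $sg match"
        else
            echo "$sr $sg differ"
        fi
    done
}

audit_optical
```

A "differ" line means membership in the group on the sr node does not by itself grant the same access to the sg node.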