cdrdao for Debian
-----------------
1. Running cdrdao as a non-root user
In the past, cdrdao has been installed setuid root. Due to security issues, this
was removed.
Such security issues probably still remain at this time. If you make cdrdao
setuid, then it is likely it can be leveraged to gain full shell access to the
relevant uid. To make this firmly clear, cdrdao will drop setuid root privileges
on startup.
In order to allow regular users to run cdrdao, you can grant them access to the
relevant device nodes. If you're using scsi emulation or a genuine scsi burner,
this will probably be a /dev/scd and a /dev/sg node - for device 0,1,0,
/dev/scd1 and /dev/sg1. This will grant access to all users in the cdrom group:
chgrp cdrom /dev/scd1 /dev/sg1
chmod g+rw /dev/scd1 /dev/sg1
If you're using the ATAPI packet writing interface in linux 2.6, it'll just be
/dev/hdc or similar, and the installer probably already set this up for you.
Then use "adduser user cdrom" to add the users to the cdrom group.
One side-effect of this is that cdrdao will not run with real-time priority.
There is currently no easy, safe way to grant this. With a modern CD writer, it
probably won't matter, but it may cause buffer underruns if the system is under
significant load while burning. If this really bothers you, use sudo to run
cdrdao, and be aware that any user who can run cdrdao can probably gain root if
they really want to.
2. toc2mp3
The toc2mp3 utility provided in the cdrdao source requires lame in order to
work. For legal reasons, lame is not included in Debian, so toc2mp3 is not
included either.
-- Andrew Suffield <asuffield@debian.org> Thu, 24 Nov 2005 22:24:24 +0000
Generated by dwww version 1.15 on Sat May 18 06:02:20 CEST 2024.