Sophie

Sophie

distrib > Mandriva > 9.1 > ppc > by-pkgid > 0c3fc7b29f6e22c50976cbd4109f7dea > files > 34

xcdroast-0.98-27.alpha13mdk.ppc.rpm


X-CD-Roast 0.98alpha13
----------------------

The non-root mode allows that X-CD-Roast can be started by any user and
not only by "root". 


	Please note that X-CD-Roast 0.98alpha13 can configure the non-root
	mode fully automatic. At the first startup as root you will be 
	prompted to enable the non-root mode. 
	But you can always enable and disable the non-root mode again in
	the setup menu. 

	So these instruction here are just for curious and not required 
	to use the non-root mode of X-CD-Roast.

	Distribution-vendors: No need to patch X-CD-Roast to disable
	non-root mode! By default X-CD-Roast comes now without any
	special groups or suid/sgid-bits!


Instructions for non-root setup 
(If you prefer not to use the automatic!)
-----------------------------------------

If you do not want to let other users use X-CD-Roast, you are free
to skip all these instructions and just start X-CD-Roast always as root.


Please change the permissions according to this README to allow  
normal users to run X-CD-Roast. 


We have to create a new group "xcdwrite".  
Note: DO NOT PUT ANY USERS INTO THAT GROUP. This was common error
      people made for alpha7. Do not change any group for any user. 
      Just create this group. Nothing more. 

The new wrapper becomes now set-gid xcdwrite, which allows access to all 
cdrecord-tools. Because all cdrecord-tools are suid-root, they have
full access to the generic-scsi-devices. 
 
X-CD-Roast can now decide which user is allowed to burn, by checking the
configuration the root user created. Details about this later... 


Setting the permissions
-----------------------

Please install cdrecord-1.11 now. You can copy the binaries
to $PREFIX (e.g. /usr/bin or /usr/local/bin) or to the library-directory
of xcdroast (e.g. /usr/local/lib/xcdroast-0.98/bin). X-CD-Roast will look
in both dirs. This is described in detail in the README-file.

On most current distributions cdrecord-1.11 should already pre-installed
in /usr/bin. In this case you have to set the $PREFIX to /usr in the
Makefile. Or use your private copies of cdrecord-1.11 in the lib-dir
of X-CD-Roast (or set $CDRTOOLS_PREFIX to /usr).


As result you may have an installation like this:

-rwxr-xr-x    1 root     root       168828 Aug  8 20:17 /usr/bin/cdrecord
-rwxr-xr-x    1 root     root       169308 Aug  8 20:17 /usr/bin/cdda2wav
-rwxr-xr-x    1 root     root       324220 Aug  8 20:17 /usr/bin/mkisofs
-rwxr-xr-x    1 root     root        90812 Aug  8 20:17 /usr/bin/readcd

In Linux the generic-scsi-devices should look something like this:
(Most possible this does look different on non-linux-systems.
 The non-root-mode was only tested on Linux and may not work 
 on other systems yet.)

crw-------    1 root     sys       21,   2 Aug 24 11:00 /dev/sg0
crw-------    1 root     sys       21,   2 Aug 24 11:00 /dev/sg1
crw-------    1 root     sys       21,   2 Aug 24 11:00 /dev/sg2
...



Now run the following commands to set the special permissions needed
for X-CD-Roast:

	/usr/sbin/groupadd xcdwrite
	cd /usr/bin;     # OR  cd /usr/local/bin - whatever
	chown root:xcdwrite cdrecord cdda2wav mkisofs readcd
	chmod 4710 cdrecord cdda2wav mkisofs readcd

(Adds a new group "xcdwrite" to the system and makes all the cdrecord-
binaries only runable by root or somebody in the xcdwrite group)

This is the result:

-rws--x---    1 root     xcdwrite    169308 Aug  8 20:17 /usr/bin/cdda2wav
-rws--x---    1 root     xcdwrite    168828 Aug  8 20:17 /usr/bin/cdrecord
-rws--x---    1 root     xcdwrite    324220 Aug  8 20:17 /usr/bin/mkisofs
-rws--x---    1 root     xcdwrite     90812 Aug  8 20:17 /usr/bin/readcd


Any users which are in group xcdwrite can now start all the cdwriting-tools.
(Again, for X-CD-Roast it is not necessary to put any users manually into
the xcdwrite group! X-CD-Roast does handle that with the sgid-bit on the
wrapper)

Therefore all we have to do, is to put the wrapper into that group and we are
fine. This is done with the following commands:

After a make install the wrapper was installed in 
	/usr/local/lib/xcdroast-0.98/bin or /usr/lib/xcdroast-0.98/bin

Please change now to the corresponding directory and enter:

	chown root:xcdwrite xcdrwrap
	chmod 2755 xcdrwrap


Usage of the non-root-mode
--------------------------

After X-CD-Roast was installed and all the permissions set correctly,
it can be started. 
The first time root have to start it, to create the root-configuration-file
/etc/xcdroast.conf. Without this file, a normal user will get an error
message. 

Root gets a new menu in setup, which allows him to define which users can
start X-CD-Roast on which hosts. There is also the possibility of defining
how much a user is allowed to change in the setup-menu. 
It's possible that a normal user should not be able to change the
cdwriter-device or the directory where image-files are created in. These
settings apply to ALL allowed users. 
Please see the tooltip-help for a detailed description of each option. 

After root saved the configuration, all normal users (which have 
been given permission by root via the setup) can start up X-CD-Roast.
If root denied them access to some options in the setup, then this
options are greyed out, and cannot be changed. 

Thats all - please point out any security problems. I tested this
only on Linux-systems, I am not sure if this works on other platforms.
If you use a non-Linux system and get X-CD-Roast running fine as non-root
user, please send me a detailed description of all changes.

01.01.2003 Thomas Niederreiter (tn@xcdroast.org)

Perl :: Catalyst :: PostgreSQL :: RPM Valid HTML 4.01 Transitional