From e9828cddd01bd9e76f3154d428a0092e7deb19b4 Mon Sep 17 00:00:00 2001 From: Thomas Schmitt Date: Thu, 10 Jun 2010 17:23:23 +0000 Subject: [PATCH] Mentioned Solaris and system dependent drive permission settings --- README | 4 ++ cdrskin/README | 96 +++++++++++++++++++++++++++++++++++++++++------ cdrskin/cdrskin.1 | 11 ++++-- 3 files changed, 96 insertions(+), 15 deletions(-) diff --git a/README b/README index 75fe376..04c7cf4 100644 --- a/README +++ b/README @@ -145,6 +145,8 @@ The project components (list subject to growth, hopefully): also allows to grow ISO-9660 filesystem images on multi-session media as well as on overwriteable media via the same API. All media peculiarities are handled automatically. + It also contains the methods of command oriented application + xorriso and offers them via a C language API. - cdrskin is a limited cdrecord compatibility wrapper for libburn. cdrecord is a powerful GPL'ed burn program included in Joerg @@ -164,6 +166,8 @@ The project components (list subject to growth, hopefully): changing, incremental backups, activating boot images, and extracting of files from ISO images to disk. An own ISO 9660 extension stores ACLs, xattr, and MD5 of file content. + All features of xorriso are also available via a C language API + of libisoburn. See xorriso/README for more. - "test" is a collection of application gestures and examples given by the diff --git a/cdrskin/README b/cdrskin/README index 7c9fd1e..30723f4 100644 --- a/cdrskin/README +++ b/cdrskin/README 
@@ -104,17 +104,25 @@ The output of cdrskin --devices might look like 0 dev='/dev/sr0' rwrwr- : '_NEC' 'DVD_RW ND-4570A' 1 dev='/dev/sr1' rwrw-- : 'HL-DT-ST' 'DVDRAM GSA-4082B' -So full and insecure enabling of both for everybody would look like - - chmod a+rw /dev/sr0 /dev/sr1 - +On Linux, full and insecure enabling of both for everybody would look like + chmod a+rw /dev/sr0 /dev/hda This is equivalent to the traditional setup chmod a+x,u+s cdrecord. +On FreeBSD, device permissions are to be set in /etc/devfs.rules. +On Solaris, pfexec privileges may be restricted to "base,sys_devices". +See below "System Dependend Drive Permission Examples". + I strongly discourage to run cdrskin with setuid root or via sudo ! It is not checked for the necessary degree of hacker safety. +Better consider to grant the necessary permissions to group "floppy" +and to add users to it. + + +A behavioral conflict is known between any burn software and demons like hald +which probe CD drives. This can spoil burn runs for CD-R or CD-RW. +You may have to keep your hald away from the drive. See for example + http://www.freebsd.org/gnome/docs/halfaq.html -Consider to put all authorized users into group "floppy", to chgrp the -device file to that group and to disallow w-access to others. Helpful with Linux kernel 2.4 is a special SCSI feature: It is possible to address a scsi(-emulated) drive via associated device files @@ -123,11 +131,6 @@ as listed device files. This addressing via e.g. /dev/sr0 or /dev/scd1 is compatible with generic read programs like dd and with write program growisofs. For finding /dev/sg1 from /dev/sr0, the program needs rw-access to both files. -A behavioral conflict is known between any burn software and demons like hald -which probe CD drives. This can spoil burn runs for CD-R or CD-RW. -You may have to keep your hald away from the drive. See for example - http://www.freebsd.org/gnome/docs/halfaq.html - Usage examples 
@@ -434,6 +437,77 @@ It will not read startup files, will abort on option dev_translation= , will not have a fifo buffer, and will not be able to put out help texts or debugging messages. +------------------------------------------------------------------------------ + + System Dependend Drive Permission Examples + +Accessing the optical drives requires privileges which usually are granted +only to the superuser. Linux, FreeBSD and Solaris offer quite different +approaches for avoiding the need for unrestricted privileges. + +--------------------- +On all three systems: +--------------------- +Add the authorized user of CD drives to group "floppy" in /etc/group. +If missing: create this group. +Changes to /etc/group often only affect new login sessions. So log out and in +before making the first tests. + +--------- +On Linux: +--------- +Allow rw-access to the drives + chgrp floppy /dev/sr0 /dev/sr1 + chmod g+rw /dev/sr0 /dev/sr1 +It might be necessary to perform chgrp and chmod after each reboot or to +edit distro dependent device configuration files for permanent settings. + +----------- +On FreeBSD: +----------- +On FreeBSD: +Edit /etc/devfs.rules and make sure to have these lines + [localrules=10] + add path 'acd*' mode 0664 group floppy + add path 'cd*' mode 0664 group floppy + add path 'pass*' mode 0664 group floppy + add path 'xpt*' mode 0664 group floppy + [localrules=5] + add path 'pass*' mode 0664 group floppy + add path 'cd*' mode 0664 group floppy + add path 'xpt*' mode 0664 group floppy + add path 'acd*' mode 0664 group floppy + +Edit /etc/rc.conf and add the following line if missing + devfs_system_ruleset="localrules" + +This gets into effect by reboot or by command + /etc/rc.d/devfs start + +----------- +On Solaris: +----------- +Run cdrskin by + pfexec cdrskin ...arguments... + +The following settings will make pfexec keep original UID and EUID and prevent +most superuser powers. 
Be aware that you still can manipulate all device files +if you have the file permissions for that. +Full root privileges for cdrskin can then be aquired only by command su. + +Edit /etc/security/exec_attr and add this line to the other "Media Backup" +lines: + Media Backup:solaris:cmd:::/usr/local/bin/cdrskin:privs=basic,sys_devices +Edit /etc/user_attr and add profile "Media Backup" to the user's line: + thomas::::profiles=Media Backup,Primary Administrator;roles=root +See also man privileges, man exec_attr, man user_attr. + +Then allow the group r-access to the drives + pfexec chgrp floppy /dev/rdsk/c3t0d0s2 /dev/rdsk/c4t0d0s2 + pfexec chmod g+r /dev/rdsk/c3t0d0s2 /dev/rdsk/c4t0d0s2 +The last two commands have to be executed after each boot. I do not know +the relevant device configuration files yet. + ------------------------------------------------------------------------------ Project aspects and legal stuff diff --git a/cdrskin/cdrskin.1 b/cdrskin/cdrskin.1 index f000a48..24a76b1 100644 --- a/cdrskin/cdrskin.1 +++ b/cdrskin/cdrskin.1 @@ -2,7 +2,7 @@ .\" First parameter, NAME, should be all caps .\" Second parameter, SECTION, should be 1-8, maybe w/ subsection .\" other parameters are allowed: see man(7), man(1) -.TH CDRSKIN 1 "Feb 29, 2010" +.TH CDRSKIN 1 "Jun 10, 2010" .\" Please adjust this date whenever revising the manpage. .\" .\" Some roff macros, for reference: 
@@ -271,19 +271,22 @@ the drive is somewhat higher but the overall system is much less at stake. Consider to restrict rw-access to a single group which bundles the users who are allowed to use the burner drive (like group "floppy"). .br +For drive permission examples on Linux, FreeBSD, and Solaris, +see cdrskin/README. +.br .PP If you only got one CD capable drive then you may leave out cdrskin option \fBdev=\fP. Else you should use this option to address the drive you want. .br cdrskin option dev= not only accepts the listed addresses but also -traditional cdrecord SCSI addresses which on Linux consist of three -numbers: Bus,Target,Lun. There is also a related address family "ATA" which +traditional cdrecord SCSI addresses which consist of three numbers: +Bus,Target,Lun. On Linux there is also a related address family "ATA" which accesses IDE drives not under control of Linux SCSI drivers: ATA:Bus,Target,Lun. .br See option -scanbus for getting a list of cdrecord style addresses. .br -Further are accepted on Linux: links to libburn-suitable device files, +Further are accepted: links to libburn-suitable device files, device files which have the same major and minor device number, and device files which have the same SCSI address parameters (e.g. /dev/sg0). .br
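Review bot: The two hunks against the top-level README (at -145,6 and -164,6) state the same fact twice, once in the bullet that precedes the cdrskin entry ("It also contains the methods of command oriented application xorriso and offers them via a C language API") and once in the xorriso bullet ("All features of xorriso are also available via a C language API of libisoburn"), and neither is covered by the subject line about Solaris and drive permissions. Suggest keeping one sentence and pointing to it from the other bullet, and moving this change to its own commit so the permission documentation can be reviewed and reverted on its own.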
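Review bot: In the cdrskin/README hunk at -104,17 the new Solaris sentence gives the privilege set as "base,sys_devices", while the exec_attr line added by the later hunk of this same patch uses privs=basic,sys_devices; the two spellings should agree, and the sentence is the one a reader sees first. In the same hunk the changed example reads chmod a+rw /dev/sr0 /dev/hda although the --devices listing directly above shows /dev/sr0 and /dev/sr1 and the sentence still says "both". The text that replaces the removed group advice no longer tells the reader to chgrp the device file and to disallow w-access to others, so a device file that was opened up with chmod a+rw stays world-writable after following the new wording; suggest keeping that clause next to the group "floppy" recommendation. The section title referenced here is spelled "Dependend".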
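Review bot: In the cdrskin/README hunk at -434,6 the Solaris user_attr example, thomas::::profiles=Media Backup,Primary Administrator;roles=root, carries the Primary Administrator profile and the root role along with the new profile, so a reader who copies the line grants far more than the privs=basic,sys_devices restriction that the paragraph above it describes. Suggest showing only profiles=Media Backup in the example, or stating that the other entries are the author's existing settings and are not needed for cdrskin. In the FreeBSD part the line "On FreeBSD:" is repeated directly under its own heading, and the ruleset name localrules is defined twice (as 10 and as 5) with the same four rules while devfs_system_ruleset refers to it by name only; one definition should be enough, or the text should say why both are there. Mode 0664 leaves the acd*, cd*, pass* and xpt* nodes readable by every user; 0660 would match the stated aim of limiting drive access to group "floppy". The Linux commands add g+rw but do not take away access for others, so they do not undo an earlier chmod a+rw. Spelling: "Dependend" in the title and "aquired" in the Solaris paragraph.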
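Review bot: In the cdrskin/cdrskin.1 hunk at -271,19 the added pointer "see cdrskin/README" names a path in the source tree, which a user reading the installed man page may not have; suggest naming the section by its title and saying where the file can be found, or repeating the short group "floppy" commands in the man page itself. The same hunk drops "on Linux" from "Further are accepted" while the sentence still ends with the example /dev/sg0 and still speaks of major and minor device numbers and SCSI address parameters; if those forms are now accepted on FreeBSD and Solaris too, an example for each system would make that clear, otherwise the Linux qualifier should stay on the parts that are Linux-only.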