Vladimir Nadvornik
The fact that cdrecord with suid is able to use such device could be even considered a security bug.
Cdrecord is carefully audited and you definitely _need_ root permissions if you like to offer the features that cdrecord offers. Linux did _always_ require root privileges for such programs.
What changes in Linux are required to support cdrecord without root permissions correctly?
As cdrecord on Solaris works without being root since January 2006 and for this reason, it is well documented what you need to do:

- create a specific exec attribute for cdrecord and other commands from cdrtools that contain the needed special fine grained privileges.
- For cdrecord on Solaris, this is: PRIV_FILE_DAC_READ, PRIV_PROC_LOCK_MEMORY, PRIV_PROC_PRIOCNTL, PRIV_NET_PRIVADDR, PRIV_SYS_DEVICES
- For cdda2wav on Solaris, this is: PRIV_FILE_DAC_READ, PRIV_PROC_PRIOCNTL, PRIV_NET_PRIVADDR, PRIV_SYS_DEVICES
- For readcd on Solaris, this is: PRIV_FILE_DAC_READ, PRIV_NET_PRIVADDR, PRIV_SYS_DEVICES

For Linux, PRIV_SYS_DEVICES would need to be translated into what is appropriate in order to permit sending _any_ SCSI command.

Since 2004, Solaris comes with a complete fine grained privileges environment. Although Linux did start at a similar time, the implementation still seems to be only 70% ready. Solaris implements kernel and user space support, Linux implements kernel support but only a very rudimentary user space support. It may be that there are other possibilities to make Linux usable (e.g. by using specific filesystem features that look like mandatory access control features), but these features (and many other important basic features) are treated as "optional" by most Linux distros (the exception seems to be a single Turkish distro).
I know about mlock and realtime priority. Anything else? The list of filtered scsi commands seems to be complete so there should not be a problem.
See above, your assumptions about SCSI are incorrect and not having the needed privileges is one reason for approx. 10-20% of the documented wodim bugs.
It is a lot more risky if you use software that has been influenced by people who fail to understand the background. Eduard Bloch is such a person....
And BTW: wodim has problems with dealing with e.g. SATA drives regardless of whether you are root.
Could you please explain the technical background here?
As there is no clean concept for SCSI generic pass through on Linux, it is hard to implement workarounds for the constantly "drifting" user interfaces from the Linux kernel. libscg implements a stable interface to the users of this lib but this only works because I am using a very conservative design approach. People who don't understand the problems with the Linux kernel/user interface tend to implement solutions that work only for today but fail a short time later. This is what happens with wodim.

Jörg

--
EMail: joerg@schily.isdn.cs.tu-berlin.de (home) Jörg Schilling D-13353 Berlin
       js@cs.tu-berlin.de (uni)
       joerg.schilling@fokus.fraunhofer.de (work)
Blog:  http://schily.blogspot.com/
URL:   http://cdrecord.berlios.de/private/ ftp://ftp.berlios.de/pub/schily
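
Added example, not part of the original message and not cdrtools or Solaris code: a small audit of Solaris exec_attr(4) entries against the per-command privilege sets listed in the message. The profile name and the sample entries are constructed; privilege names are written without the PRIV_ prefix and in lowercase, as they appear in exec_attr.

```python
# Least-privilege sets as listed in the message above.
EXPECTED = {
    "cdrecord": {"file_dac_read", "proc_lock_memory", "proc_priocntl",
                 "net_privaddr", "sys_devices"},
    "cdda2wav": {"file_dac_read", "proc_priocntl", "net_privaddr",
                 "sys_devices"},
    "readcd": {"file_dac_read", "net_privaddr", "sys_devices"},
}

def parse_exec_attr(line):
    """Parse one exec_attr(4) line: name:policy:type:res1:res2:id:attr."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split(":", 6)
    if len(fields) != 7:
        raise ValueError(f"malformed exec_attr entry: {line!r}")
    attrs = dict(kv.split("=", 1) for kv in fields[6].split(";") if "=" in kv)
    privs = {p.strip().lower()
             for p in attrs.get("privs", "").split(",") if p.strip()}
    return {"profile": fields[0], "path": fields[5],
            "attrs": attrs, "privs": privs}

def audit(lines):
    """Return (tool, extra, missing, runs_as_root) for each deviating entry."""
    findings = []
    for line in lines:
        entry = parse_exec_attr(line)
        if entry is None:
            continue
        tool = entry["path"].rsplit("/", 1)[-1]
        if tool not in EXPECTED:
            continue  # not one of the commands named in the message
        extra = sorted(entry["privs"] - EXPECTED[tool])
        missing = sorted(EXPECTED[tool] - entry["privs"])
        # euid=0 / uid=0 means the command runs fully as root instead
        root = "0" in (entry["attrs"].get("euid"), entry["attrs"].get("uid"))
        if extra or missing or root:
            findings.append((tool, extra, missing, root))
    return findings

# Constructed sample entries; "Example CD Profile" is a hypothetical name.
SAMPLE = """\
Example CD Profile:solaris:cmd:::/usr/bin/cdrecord:privs=file_dac_read,sys_devices,proc_lock_memory,proc_priocntl,net_privaddr
Example CD Profile:solaris:cmd:::/usr/bin/readcd:privs=file_dac_read,sys_devices,net_privaddr,proc_lock_memory
Example CD Profile:solaris:cmd:::/usr/bin/cdda2wav:euid=0
Example CD Profile:solaris:cmd:::/usr/bin/ls:privs=all
""".splitlines()

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```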