[opensuse] Keeping access to cd/dvd player
Some how, something got set to change the settings on the cd/dvd player dev. I have to keep changing permissions of /dev/sr0 to allow non-root access. How do I change it permanently ? -- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 10 years -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 28 April 2009 09:05:43 pm Duaine & Laura Hechler wrote:
I have to keep changing permissions of /dev/sr0 to allow non-root access.
How do I change it permanently ?
Unless it is something new that problem is already solved and if you run online update it should be all good. -- Regards, Rajko http://news.opensuse.org/category/people-of-opensuse/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 4/29/2009 at 4:05, Duaine & Laura Hechler <dahechler@att.net> wrote: Some how, something got set to change the settings on the cd/dvd player dev.
I have to keep changing permissions of /dev/sr0 to allow non-root access.
How do I change it permanently ?
you should update your system. This was a very early error in hal (or udev... not sure anymore), that the permissions were not set correctly. Most device files are created dynamically nowadays and permissions are granted dynamically too with udev. don't be surprised: ls -l will not show you all you want to see: :~> ls -l /dev/sr0 brw-rw----+ 1 root cdrom 11, 0 2009-04-29 08:16 /dev/sr0 On first sight, you'd say I need to be either root or in group cdrom to access /dev/sr0. BUT: the + behind the permissions tells us there is more: some ACLs are defined. so let's check those: :~> getfacl /dev/sr0 getfacl: Removing leading '/' from absolute path names # file: dev/sr0 # owner: root # group: cdrom user::rw- user:dominique:rw- group::rw- mask::rw- other::--- So. Now it makes more sense: user::rw- is the 'default' from the file system. (the same as we've seen in ls -l). the same coutns for group::rw- But then we have an additional user:dominique:rw-, which also grants user dominique the rw rights on this 'file' If the process is not working, as said, try the updates that are available. Dominique -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Duaine & Laura Hechler wrote:
Some how, something got set to change the settings on the cd/dvd player dev.
I have to keep changing permissions of /dev/sr0 to allow non-root access.
How do I change it permanently ?
You don't change the permissions on the device. You add yourself to the group that has permissions. However, on my system, the group is "disk", which I don't appear to be a member of. When a CD is mounted, the properties show me as the owner. I have no problem accessing my CD or DVD drives. -- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
James Knot wrote:
Duaine & Laura Hechler wrote:
Some how, something got set to change the settings on the cd/dvd player dev.
I have to keep changing permissions of /dev/sr0 to allow non-root access.
How do I change it permanently ?
You don't change the permissions on the device. You add yourself to the group that has permissions. However, on my system, the group is "disk", which I don't appear to be a member of. When a CD is mounted, the properties show me as the owner. I have no problem accessing my CD or DVD drives.
That fixed it. Thanks, Duaine -- Duaine Hechler Piano, Player Piano, Pump Organ Tuning, Servicing & Rebuilding Reed Organ Society Member Florissant, MO 63034 (314) 838-5587 dahechler@att.net www.hechlerpianoandorgan.com -- Home & Business user of Linux - 10 years -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Wednesday 29 April 2009 11:29:48 am Duaine & Laura Hechler wrote:
James Knot wrote:
Duaine & Laura Hechler wrote:
Some how, something got set to change the settings on the cd/dvd player dev.
I have to keep changing permissions of /dev/sr0 to allow non-root access.
How do I change it permanently ?
You don't change the permissions on the device. You add yourself to the group that has permissions. However, on my system, the group is "disk", which I don't appear to be a member of. When a CD is mounted, the properties show me as the owner. I have no problem accessing my CD or DVD drives.
That fixed it.
Thanks, Duaine
Interesting. Being disk group gives your normal user extraordinary rights for all you disks, which is equivalent to root. See: ll /dev/* | grep disk Here is a part of mine: ... brw-rw---- 1 root disk 8, 0 Apr 29 15:23 /dev/sda brw-rw---- 1 root disk 8, 1 Apr 29 15:23 /dev/sda1 brw-rw---- 1 root disk 8, 2 Apr 29 15:23 /dev/sda2 brw-rw---- 1 root disk 8, 3 Apr 29 15:23 /dev/sda3 brw-rw---- 1 root disk 8, 4 Apr 29 15:23 /dev/sda4 brw-rw---- 1 root disk 8, 5 Apr 29 20:23 /dev/sda5 crw-r----- 1 root disk 21, 0 Apr 29 15:23 /dev/sg0 crw-r----- 1 root disk 21, 1 Apr 29 15:23 /dev/sg1 crw-rw----+ 1 root disk 21, 2 Apr 29 15:23 /dev/sg2 crw-r----- 1 root disk 21, 3 Apr 29 15:23 /dev/sg3 brw-rw----+ 1 root disk 11, 0 Apr 29 15:23 /dev/sr0 Isn't that good, having root access to your hard disks. Making normal user part of disk group defeats all security measures. Misbehaving, or malevolent, application can do with your system all that root can, because, as you can see, disk group has same read write access to disks. -- Regards, Rajko http://news.opensuse.org/category/people-of-opensuse/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
Rajko M. wrote:
On Wednesday 29 April 2009 11:29:48 am Duaine & Laura Hechler wrote:
James Knot wrote:
Duaine & Laura Hechler wrote:
Some how, something got set to change the settings on the cd/dvd player dev.
I have to keep changing permissions of /dev/sr0 to allow non-root access.
How do I change it permanently ?
You don't change the permissions on the device. You add yourself to the group that has permissions. However, on my system, the group is "disk", which I don't appear to be a member of. When a CD is mounted, the properties show me as the owner. I have no problem accessing my CD or DVD drives.
That fixed it.
Thanks, Duaine
Interesting.
Being disk group gives your normal user extraordinary rights for all you disks, which is equivalent to root.
See: ll /dev/* | grep disk
Here is a part of mine: ... brw-rw---- 1 root disk 8, 0 Apr 29 15:23 /dev/sda brw-rw---- 1 root disk 8, 1 Apr 29 15:23 /dev/sda1 brw-rw---- 1 root disk 8, 2 Apr 29 15:23 /dev/sda2 brw-rw---- 1 root disk 8, 3 Apr 29 15:23 /dev/sda3 brw-rw---- 1 root disk 8, 4 Apr 29 15:23 /dev/sda4 brw-rw---- 1 root disk 8, 5 Apr 29 20:23 /dev/sda5 crw-r----- 1 root disk 21, 0 Apr 29 15:23 /dev/sg0 crw-r----- 1 root disk 21, 1 Apr 29 15:23 /dev/sg1 crw-rw----+ 1 root disk 21, 2 Apr 29 15:23 /dev/sg2 crw-r----- 1 root disk 21, 3 Apr 29 15:23 /dev/sg3 brw-rw----+ 1 root disk 11, 0 Apr 29 15:23 /dev/sr0
Isn't that good, having root access to your hard disks.
Making normal user part of disk group defeats all security measures. Misbehaving, or malevolent, application can do with your system all that root can, because, as you can see, disk group has same read write access to disks.
As I mentioned, I am not a member of disk, though my comment about joining the group is valid for other devices. I currently have a CD mounted and the permissions are: dr-xr-xr-x 6 jknott root 2048 2007-03-28 15:06 LJ-1994-2006. So I apparently "own" the mounted CD with read & execute permissions. -- Use OpenOffice.org <http://www.openoffice.org> -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Thursday 30 April 2009 06:35:51 am James Knott wrote:
As I mentioned, I am not a member of disk, though my comment about joining the group is valid for other devices. I currently have a CD mounted and the permissions are: dr-xr-xr-x 6 jknott root 2048 2007-03-28 15:06 LJ-1994-2006. So I apparently "own" the mounted CD with read & execute permissions.
James, problem is when user join disk group it is the same as being root, there is no difference in access permissions. As member of group users you can't write direct to disk, as member of group disk you can. Million times explained system protection trough limited access is effectively removed. Misbehaving application/script will not fail if it attempts to write to /dev/<any_disk> and user can have his music written direct to the disk, although, nothing will read the disk after that. The only way is to have set ACL as it is for: crw-rw----+ 1 root disk 21, 2 Apr 29 15:23 /dev/sg2 brw-rw----+ 1 root disk 11, 0 Apr 29 15:23 /dev/sr0 note + after permissions. That was set wrong in released version, but patch was published short after, and all that Duane has to do is to apply patch ie. run online updates. Now his system is protected only from good applications that check user ID before they run, all other can wipe of his disks, or do any other damage. I commented, not because I'm worried about you, you are old Linux user, but Duane, and all other that will find this mail interchange trough Google, and applying advice turn their nice Linux box in something like Win 98. -- Regards, Rajko http://news.opensuse.org/category/people-of-opensuse/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On 05/01/2009 09:48 AM, Rajko M. wrote:
That was set wrong in released version, but patch was published short after, and all that Duane has to do is to apply patch ie. run online updates.
There must be more than that. On our server, fresh install (i.e. not upgrade), fully updated, and there is no acl to give the user access to the cdrom (/dev/sr0). I know I have seen those permissions here, and I have access here (upgrade from 10.3, 10.2, 10.1, 9.3, ...). There must be something else. Maybe it is fixed only for kde4. The computer it does not work is using kde 3.5, the 2 that do use kde 4.2.2. -- Joe Morris Registered Linux user 231871 running openSUSE 11.1 x86_64 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 01 May 2009 04:53:50 am Joe Morris wrote:
On 05/01/2009 09:48 AM, Rajko M. wrote:
That was set wrong in released version, but patch was published short after, and all that Duane has to do is to apply patch ie. run online updates.
There must be more than that. On our server, fresh install (i.e. not upgrade), fully updated, and there is no acl to give the user access to the cdrom (/dev/sr0). I know I have seen those permissions here, and I have access here (upgrade from 10.3, 10.2, 10.1, 9.3, ...). There must be something else. Maybe it is fixed only for kde4. The computer it does not work is using kde 3.5, the 2 that do use kde 4.2.2.
Could be. I just found this: https://bugzilla.novell.com/show_bug.cgi?id=466124 This is the old one: https://bugzilla.novell.com/show_bug.cgi?id=408252 The new one with patch installed: https://bugzilla.novell.com/show_bug.cgi?id=478475 I guess that you can join the last one. -- Regards, Rajko http://news.opensuse.org/category/people-of-opensuse/ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2009-04-29 at 11:29 -0500, Duaine & Laura Hechler wrote:
How do I change it permanently ?
You don't change the permissions on the device. You add yourself to the group that has permissions. However, on my system, the group is "disk",
That fixed it.
That's the wrong method, you should undo it. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkn6w1IACgkQtTMYHG2NR9WJ7ACfRx8VCWMUGlEL2apze5CsMx3d 3D8An2/I7z/BHdkO/rs+9ym8aH+0qkK4 =MTDC -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (6)
-
Carlos E. R. -
Dominique Leuenberger -
Duaine & Laura Hechler -
James Knott -
Joe Morris -
Rajko M.