Sorry for the wrong mail some minutes ago..... Am Freitag, 11. April 2003 15:00 schrieb Matt T.:
Example: Most cdrecording apps try to read the cd reader / writer as root, however the app then is started as the user, so if the rights are set to user only, then the app, when trying to do something as root on this device, fails! K3b setup installs its group cdrecording and tries to set the rights correctly, and it seems to work, but latest next time you login k3b does not find any devices anymore, because root cannot read them anymore, only the user has rw access.
Are you sure? root should be able to do anything, no matter what rights are specified.
Now add to that that the cdwriter / cdrom is sometimes referred to as /dec/sr0 and sometimes as sg0, and the confusion is perfect. Some apps seem to be even hardwired to one or the other.
Yes, you have to fix rights on both, just to be sure.
I prefer a group, such as disk or cdrecording, scanner, audio, disk, to contain the users having the rights to access a device or a group of devices. This is much more easy for my tired brain to understand. So I switch off logindevperm, and set up my groups as I can understand it, and now no more surprises, it works and keeps working.
Yes, that's my way to do that, too. But if s.o. wants to be sure, that all SuSE scripts are doing what they are supposed to, you should not mess with that. Only if you know how something works, you can tweak it this way.
It does not matter to a virus, if I have the right to access a disk device from logindevperm or from being member of a group, doesn't it???
Sure there's a difference. logindevperm does _not_ set the owner /dev/hd* or /dev/sd* to the user. Just the cdrom devices. So a virus could erase the CD-RW in your CD writer, but cannot do something with your harddisks.
I'm not aware of a way to avoid giving a user rw access to a hdd and still being able to use this hdd, so whatever I do, if I get a virus it has my rights, which usualy include disk access.
There's a difference between let a user write files and let a user have write access to the physical hdd device entry... In the second case, the user can overwrite the mba, or do anyting he wants to.
Please correct me if got it wrong!
Sure I will :))))
PS. Don't get me wrong, I think SuSE Linux is a great distribution, this is just an areas where I see improvements are possible and necessary.
I know what you mean. I think the default setting is wonderful for users, but bad for admins and experienced users. But the latter one can change this easily. Greets, Daniel