k3b as non-privileged user
k3b usage as non-root/non-wheel user:
First of all, the k3b port expects you to be using a SCSI drive, so if you've a SCSI drive, you probably will not need this step, but for all of us IDE people, there's ATAPICAM, for which the following line must be compiled into the kernel
Code:
    device atapicam # ATAPI/CAM device
atapicam is also loadable as a kernel module, atapicam.ko! To use this method instead of recompiling your kernel, add the following to /boot/loader.conf
Code:
    atapicam_load="YES"
e.g.
Code:
    /dev/acd0 /cdrom cd9660 ro,noauto 0 0
    /dev/cd0 /cdrom cd9660 ro,noauto 0 0
Code:
    chmod 4711 /usr/local/bin/cdrecord
    chmod 4711 /usr/local/bin/cdrdao
These will set both programs to use the suid of root despite the user who runs them, and thereby give them root privileges... At this particular moment, k3b will start without error! But unfortunately, it won't detect any drives either. Which means you're SOL, right? Not quite! This is the part I actually had to figure out without help, so I'm proud of me. From the console output of k3b, it seems that while root can do as it likes, the normal user has no permission to access the devices that ATAPICAM uses. Which can be fixed easily enough with...
Code:
    chmod 666 /dev/xpt0
    chmod 666 /dev/pass0
NOTE2: These permissions will reset after rebooting, so you must add the following to /etc/devfs.conf so the permissions are set properly at boot
NOTE3: If you have more than one CD/DVD drive (i.e. acd0, acd1, acd2) that are going through atapicam (i.e. cd0, cd1, cd2), you will also have multiple pass devices. Make sure permissions are set to 0666 for all of them. There should still only be xpt0 however.
NOTE4: One thing recommended by the k3b port is to add 'devd_enable="YES"' to /etc/rc.conf... it seems like a good idea to me ... It helps give permanence to the changes in /etc/devfs.conf
Code:
    perm xpt0 0666
    perm pass0 0666
Last edited by Carpetsmoker; 10th May 2008 at 07:02 AM. Reason: Fix title, bbcode, and spelling
|
||||
Just a note: if you have a multi-user system with scsi-based disks, then you must not set xpt0 permissions like this. It gives all users access to the scsi bus that can be used to do some nasty things. Read and understand xpt(4).
__________________
The only dumb question is a question not asked. The only dumb answer is an answer not given.
|
|||
Hm, I do suppose that is a bit of a concern...
Any insight how to set it up better to provide similar access to the devices for users while keeping the bus from getting tinkered with? AFAICT, the only reason for setting the permissions is so the programs can see the drives are there. Perhaps the permissions can be set on the drives themselves and xpt can be left alone?... (I haven't got BSD running at the moment, so I cannot be sure.)
|
|||
Now I really want to get FreeBSD running so I can try it out!
I can sympathize though, for years all I had for 33.6kbps (I lived in the Canadian Arctic.) Going back now would probably drive me mad. This may be worth digging up the old PC... (new PC's NIC isn't supported by FreeBSD)
|
||||
Code:
    # MYBOX's rules
    #
    [mybox_rules=100]
    add path 'acd*' mode 666
    add path 'cd*' mode 666
    add path 'pass*' mode 666
    add path xpt0 mode 666
Code:
    devfs_system_ruleset="mybox_rules"
|
|||
permission fix
I believe when this came up on the old forum the more secure method was to assign anyone who will need access to a group (i.e. cdwriters) and set the permissions
    # MYBOX's rules
    #
    [mybox_rules=100]
    add path 'acd*' mode 660 group cdwriters
    add path 'cd*' mode 660 group cdwriters
    add path 'pass*' mode 660 group cdwriters
    add path xpt0 mode 660 group cdwriters
k3b likes it and it appears to be more restrictive
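A check for the concern raised in this thread, as an added example that is not part of any poster's message: it parses devfs rules written in the form posted above and lists every rule whose mode gives access to all local users. The function names and the temporary file are assumptions made for illustration; the sample input is constructed from the two rulesets in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): list devfs rules open to "other".

# audit_devfs_rules FILE
# Prints "ruleset path mode" for each such rule; exit status 1 if any, else 0.
audit_devfs_rules() {
    awk '
        /^[ \t]*#/ { next }                  # comment line
        /^[ \t]*\[/ {                        # ruleset header: [name=number]
            split($0, hdr, "=")
            ruleset = hdr[1]
            sub(/^[ \t]*\[/, "", ruleset)
            next
        }
        $1 == "add" {
            path = ""; mode = ""
            for (i = 2; i < NF; i++) {
                if ($i == "path") path = $(i + 1)
                if ($i == "mode") mode = $(i + 1)
            }
            gsub(/\047/, "", path)           # drop the quotes around globs
            # The last octal digit holds the permissions for "other".
            if (mode != "" && substr(mode, length(mode), 1) != "0") {
                print ruleset, path, mode
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input: the two rulesets posted in this thread.
sample_rules() {
    case "$1" in
    open)  m="666" ;;
    group) m="660 group cdwriters" ;;
    esac
    printf '%s\n' "# MYBOX's rules" "#" "[mybox_rules=100]" \
        "add path 'acd*' mode $m" "add path 'cd*' mode $m" \
        "add path 'pass*' mode $m" "add path xpt0 mode $m"
}

tmp=$(mktemp /tmp/devfsaudit.XXXXXX)
for variant in open group; do
    sample_rules "$variant" > "$tmp"
    echo "== $variant ruleset =="
    audit_devfs_rules "$tmp" || echo "   ^ accessible to every local user"
done
rm -f "$tmp"
```

It only reads `add ... mode` rules from the file it is given and does not inspect the live permissions under /dev, so changes made by hand with chmod are not reported.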