From owner-freebsd-hackers  Mon Jun  9 13:25:42 1997
Return-Path: <owner-hackers>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id NAA12750
          for hackers-outgoing; Mon, 9 Jun 1997 13:25:42 -0700 (PDT)
Received: from prova.iet.unipi.it (prova1.iet.unipi.it [131.114.9.11])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id NAA12745
          for <hackers@freebsd.org>; Mon, 9 Jun 1997 13:25:30 -0700 (PDT)
Received: from localhost (luigi@localhost)
	by prova.iet.unipi.it (8.8.5/8.8.5) with SMTP id WAA00420
	for <hackers@freebsd.org>; Mon, 9 Jun 1997 22:25:59 +0200 (CEST)
Date: Mon, 9 Jun 1997 22:25:58 +0200 (CEST)
From: Luigi Rizzo <luigi@iet.unipi.it>
To: hackers@freebsd.org
Subject: rtprio from non-root users ?
Message-ID: <Pine.BSF.3.95q.970609215133.253A-100000@prova.iet.unipi.it>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-hackers@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Hi,

I am trying to allow non-root accounts to use CD-R devices. Although
I might probably create some suid-root shell scripts, I don't like
much the idea and I would prefer a different approach, i.e. limiting
access to a group of allowed users and letting them to write their own
scripts.

I am running into a couple of problems, namely:

1) there is no command-level method (I think) to add groups to the
   credential of a user. Probably this is a more general problem,
   but fortunately this is only a nuisance, because it can be solved
   by making allowed users "su" to the username with rights to use
   the device.

2) (major problem) rtprio does not allow the necessary priority
   settings if not superuser; but it cannot be made suid root since
   it does not drop priority before execing the requested process.
   Of the following two fixes:

   a) modify the rtprio syscall so that it can set realtime priority
      for a restricted set of users (but then, how to configure this
      set ?);

   b) modify the rtprio(1) command so that it can run suid-root, by
      allowing RTP_SET for a configurable class of users (e.g.
      /etc/rtprio.users) and calling setuid to restore the real uid
      before calling execvp

   which one looks better ? I am in favour of b) , but I am not sure
   if it can cause security problems.

	Cheers
	Luigi
====================================================================
Luigi Rizzo                     Dip. di Ingegneria dell'Informazione
email: luigi@iet.unipi.it       Universita' di Pisa
tel: +39-50-568533              via Diotisalvi 2, 56126 PISA (Italy)
fax: +39-50-568522              http://www.iet.unipi.it/~luigi/
====================================================================