Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 2 Feb 2005 05:25:26 +0100
From:      Oliver Fuchs <oliverfuchs@onlinehome.de>
To:        freebsd-questions@freebsd.org
Subject:   Re: SUDO
Message-ID:  <20050202042526.GA2113@oliverfuchs.onlinehome.de>
In-Reply-To: <20050201052341.GB5919@pc102356.concepts.nl>
References:  <20050201052341.GB5919@pc102356.concepts.nl>
index | next in thread | previous in thread | raw e-mail 

On Tue, 01 Feb 2005, Java Beans wrote:

> What do i have to enter in /etc/sudoers in order to give
> some user group the permission to start k3b with root
> permissions?

Hi,

what about:

ALL             ALL = NOPASSWD: /sbin/camcontrol devlist
ALL             ALL = NOPASSWD: /usr/local/bin/k3b

See also pkg-message file of k3b port:

[...]
3. k3b has to be started from a root console, which is not recommended.
   Alternatively do ALL of the following:
3a. set the suid flag on cdrecord and cdrdao. The 'Notes' the chapter of
    'man cdrecord' discusses this.
3b. - For every user who should be able to use k3b and for every CD or DVD
      device add a directory in the users home directory. These directories
      must be owned by the corresponding user. For each such directory add a
      line in /ect/fstab (see remark 2), like:
        /dev/cd0c  /usr/home/XXX/cdrom  cd9660  ro,noauto,nodev,nosuid  0  0
      Furthermore allow user mounts as described in topic 9.22 of the FAQ:
      http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#USER-FLOPPYMOUNT
      Note: If you are using FreeBSD 5.x you might want to edit your /etc/devfs.conf.
      See http://sig9.com/archive/articles/HOWTO-mount-fs.html for details.
    - or just give mount and umount the suid flag, which is a security leak.
3c. - Every user who should be able to use k3b must have read and write access
      to all pass through devices connected with CD and DVD drives and to the /dev/xpt0 
      device. Run 'camcontrol devlist' to identify those devices (seek string 'passX'
      at the end of each line and modify the rights of /dev/passX). Note, that
      this is a security leak as well but that there is no alternative!
[...]


Oliver
-- 
... don't touch the bang bang fruit
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20050202042526.GA2113>