Date: Wed, 2 Feb 2005 05:25:26 +0100
From: Oliver Fuchs
To: freebsd-questions@freebsd.org
Subject: Re: SUDO

On Tue, 01 Feb 2005, Java Beans wrote:

> What do I have to enter in /etc/sudoers in order to give
> some user group the permission to start k3b with root
> permissions?

Hi,

what about:

ALL ALL = NOPASSWD: /sbin/camcontrol devlist
ALL ALL = NOPASSWD: /usr/local/bin/k3b

See also pkg-message file of k3b port:

[...]
3. k3b has to be started from a root console, which is not recommended.
   Alternatively do ALL of the following:

3a. set the suid flag on cdrecord and cdrdao. The 'Notes' chapter of
    'man cdrecord' discusses this.

3b. - For every user who should be able to use k3b and for every CD or
      DVD device add a directory in the user's home directory. These
      directories must be owned by the corresponding user. For each such
      directory add a line in /etc/fstab (see remark 2), like:

      /dev/cd0c /usr/home/XXX/cdrom cd9660 ro,noauto,nodev,nosuid 0 0

      Furthermore allow user mounts as described in topic 9.22 of the FAQ:
      http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#USER-FLOPPYMOUNT

      Note: If you are using FreeBSD 5.x you might want to edit your
      /etc/devfs.conf. See
      http://sig9.com/archive/articles/HOWTO-mount-fs.html for details.

    - or just give mount and umount the suid flag, which is a security
      leak.

3c. - Every user who should be able to use k3b must have read and write
      access to all pass through devices connected with CD and DVD drives
      and to the /dev/xpt0 device. Run 'camcontrol devlist' to identify
      those devices (seek string 'passX' at the end of each line and
      modify the rights of /dev/passX). Note, that this is a security
      leak as well but that there is no alternative!
[...]

Oliver
-- 
... don't touch the bang bang fruit
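
Added example, not part of the original message or of the k3b port: a sh sketch that scopes the two sudoers entries above to a single group, as the question asked, and derives /etc/devfs.conf lines for the pass-through devices of step 3c from 'camcontrol devlist' output. The group name k3busers, the function names and the sample device listing are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the k3b port). GROUP is a hypothetical group name.
GROUP="${GROUP:-k3busers}"

# Constructed sample of `camcontrol devlist` output (not from a real host).
SAMPLE_DEVLIST='<EXAMPLE DVD-RW 1.00>    at scbus0 target 0 lun 0 (cd0,pass0)
<EXAMPLE DISK 2.00>      at scbus1 target 0 lun 0 (pass1,da0)
<EXAMPLE CD-R 1.10>      at scbus2 target 1 lun 0 (pass2,cd1)'

# sudoers entries limited to members of group $1 instead of every user.
sudoers_lines() {
    printf '%%%s ALL = NOPASSWD: /sbin/camcontrol devlist\n' "$1"
    printf '%%%s ALL = NOPASSWD: /usr/local/bin/k3b\n' "$1"
}

# Read devlist output on stdin; print the passN node of each CD/DVD drive.
# Lines without a cdN peripheral (disks, tapes) are skipped.
cd_pass_devices() {
    sed -n 's/.*(\([^)]*\))[[:space:]]*$/\1/p' |
    while IFS= read -r devs; do
        case ",$devs," in
            *,cd[0-9]*) ;;
            *) continue ;;
        esac
        printf '%s\n' "$devs" | tr ',' '\n' | grep -E '^pass[0-9]+$' || true
    done | sort -u
}

# devfs.conf lines giving group $1 (not "other") rw access to xpt0 and the
# pass devices found on stdin.
devfs_conf_lines() {
    for dev in xpt0 $(cd_pass_devices); do
        printf 'own\t%s\troot:%s\n' "$dev" "$1"
        printf 'perm\t%s\t0660\n' "$dev"
    done
}

echo "# sudoers fragment"
sudoers_lines "$GROUP"
echo "# /etc/devfs.conf fragment"
printf '%s\n' "$SAMPLE_DEVLIST" | devfs_conf_lines "$GROUP"
```

On a real host, pipe 'camcontrol devlist' into devfs_conf_lines and check the sudoers fragment with 'visudo -c -f <file>' before installing it.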