From owner-freebsd-questions@FreeBSD.ORG Thu Feb 3 19:45:46 2005 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id AF57516A4CE for ; Thu, 3 Feb 2005 19:45:46 +0000 (GMT) Received: from guri.is.scarlet.be (guri.is.scarlet.be [193.74.71.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 741DB43D3F for ; Thu, 3 Feb 2005 19:45:45 +0000 (GMT) (envelope-from freebsdbeni@spymac.com) Received: from (ip-195-95-44-51.dsl.scarlet.be [195.95.44.51]) by guri.is.scarlet.be with ESMTP id j13JjhC10764 for ; Thu, 3 Feb 2005 20:45:43 +0100 From: FreeBsdBeni To: freebsd-questions@freebsd.org Date: Thu, 3 Feb 2005 20:45:19 +0100 User-Agent: KMail/1.7.2 References: <42001124.2030804@fusemail.com> <011101c508b7$226e0480$c900a8c0@ostros> In-Reply-To: <011101c508b7$226e0480$c900a8c0@ostros> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Message-Id: <200502032045.19768.freebsdbeni@spymac.com> Subject: Re: problems running k3b in fluxbox with sudo X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2005 19:45:46 -0000 > ----- Original Message ----- > From: "Brian John" > To: > Sent: Tuesday, February 01, 2005 3:30 PM > Subject: problems running k3b in fluxbox with sudo > > > When I try to run k3b in fluxbox with sudo, I get this error message: > > 'Unable to find growisofs executable'. Any clue what would cause this?= =20 > > I can't burn DVDs until I get it resolved... > > =46rom the Notes-section in "man growisofs" : NOTES If executed under sudo(8) growisofs refuses to start. This is done = for the following reason. Naturally growisofs has to access the data set= to be recorded to DVD media, either indirectly by letting mkisofs gener= ate ISO9660 layout on-the-fly or directly if a pre-mastered image is to= be recorded. Being executed under sudo(8), growisofs effectively gra= nts sudoers read access to any file in the file system. The situation= is intensified by the fact that growisofs parses MKISOFS environment va= ri- able in order to determine alternative path to mkisofs executa= ble image. This means that being executed under sudo(8), growisofs eff= ec- tively grants sudoers right to execute program of their choice w= ith elevated privileges. If you for any reason still find the above acce= pt- able and are willing to take the consequences, then consider runn= ing following wrapper script under sudo(8) in place for real growis= ofs binary. #!/bin/ksh unset SUDO_COMMAND export MKISOFS=3D/path/to/trusted/mkisofs exec growisofs "$@" But note that the recommended alternative to the above "workaround"= is actually to install growisofs set-root-uid, in which case it will d= rop privileges prior accessing data or executing mkisofs in order to p= re- clude unauthorized access to the data. I have to start k3b with "kdesu k3b", not just "sudo". Then it finds growis= ofs=20 and it all works. =20 Beni.