SUDO
Oliver Fuchs
oliverfuchs at onlinehome.de
Tue Feb 1 20:27:27 PST 2005
On Tue, 01 Feb 2005, Java Beans wrote:
> What do i have to enter in /etc/sudoers in order to give
> some user group the permission to start k3b with root
> permissions?
Hi,
what about:
ALL ALL = NOPASSWD: /sbin/camcontrol devlist
ALL ALL = NOPASSWD: /usr/local/bin/k3b
See also pkg-message file of k3b port:
[...]
3. k3b has to be started from a root console, which is not recommended.
Alternatively do ALL of the following:
3a. set the suid flag on cdrecord and cdrdao. The 'Notes' the chapter of
'man cdrecord' discusses this.
3b. - For every user who should be able to use k3b and for every CD or DVD
device add a directory in the users home directory. These directories
must be owned by the corresponding user. For each such directory add a
line in /ect/fstab (see remark 2), like:
/dev/cd0c /usr/home/XXX/cdrom cd9660 ro,noauto,nodev,nosuid 0 0
Furthermore allow user mounts as described in topic 9.22 of the FAQ:
http://www.freebsd.org/doc/en_US.ISO8859-1/books/faq/disks.html#USER-FLOPPYMOUNT
Note: If you are using FreeBSD 5.x you might want to edit your /etc/devfs.conf.
See http://sig9.com/archive/articles/HOWTO-mount-fs.html for details.
- or just give mount and umount the suid flag, which is a security leak.
3c. - Every user who should be able to use k3b must have read and write access
to all pass through devices connected with CD and DVD drives and to the /dev/xpt0
device. Run 'camcontrol devlist' to identify those devices (seek string 'passX'
at the end of each line and modify the rights of /dev/passX). Note, that
this is a security leak as well but that there is no alternative!
[...]
Oliver
--
... don't touch the bang bang fruit
More information about the freebsd-questions
mailing list