Oliver Fuchs oliverfuchs at
Tue Feb 1 20:27:27 PST 2005

On Tue, 01 Feb 2005, Java Beans wrote:

> What do i have to enter in /etc/sudoers in order to give
> some user group the permission to start k3b with root
> permissions?


what about:

ALL             ALL = NOPASSWD: /sbin/camcontrol devlist
ALL             ALL = NOPASSWD: /usr/local/bin/k3b

See also pkg-message file of k3b port:

3. k3b has to be started from a root console, which is not recommended.
   Alternatively do ALL of the following:
3a. set the suid flag on cdrecord and cdrdao. The 'Notes' the chapter of
    'man cdrecord' discusses this.
3b. - For every user who should be able to use k3b and for every CD or DVD
      device add a directory in the users home directory. These directories
      must be owned by the corresponding user. For each such directory add a
      line in /ect/fstab (see remark 2), like:
        /dev/cd0c  /usr/home/XXX/cdrom  cd9660  ro,noauto,nodev,nosuid  0  0
      Furthermore allow user mounts as described in topic 9.22 of the FAQ:
      Note: If you are using FreeBSD 5.x you might want to edit your /etc/devfs.conf.
      See for details.
    - or just give mount and umount the suid flag, which is a security leak.
3c. - Every user who should be able to use k3b must have read and write access
      to all pass through devices connected with CD and DVD drives and to the /dev/xpt0 
      device. Run 'camcontrol devlist' to identify those devices (seek string 'passX'
      at the end of each line and modify the rights of /dev/passX). Note, that
      this is a security leak as well but that there is no alternative!

... don't touch the bang bang fruit

More information about the freebsd-questions mailing list