cdrdao for Debian ----------------- 1. Running cdrdao as a non-root user In the past, cdrdao has been installed setuid root. Due to security issues, this was removed. Such security issues probably still remain at this time. If you make cdrdao setuid, then it is likely it can be leveraged to gain full shell access to the relevant uid. To make this firmly clear, cdrdao will drop setuid root privileges on startup. In order to allow regular users to run cdrdao, you can grant them access to the relevant device nodes. If you're using scsi emulation or a genuine scsi burner, this will probably be a /dev/scd and a /dev/sg node - for device 0,1,0, /dev/scd1 and /dev/sg1. This will grant access to all users in the cdrom group: chgrp cdrom /dev/scd1 /dev/sg1 chmod g+rw /dev/scd1 /dev/sg1 If you're using the ATAPI packet writing interface in linux 2.6, it'll just be /dev/hdc or similar, and the installer probably already set this up for you. Then use "adduser user cdrom" to add the users to the cdrom group. One side-effect of this is that cdrdao will not run with real-time priority. There is currently no easy, safe way to grant this. With a modern CD writer, it probably won't matter, but it may cause buffer underruns if the system is under significant load while burning. If this really bothers you, use sudo to run cdrdao, and be aware that any user who can run cdrdao can probably gain root if they really want to. 2. toc2mp3 The toc2mp3 utility provided in the cdrdao source requires lame in order to work. For legal reasons, lame is not included in Debian, so toc2mp3 is not included either. -- Andrew Suffield Thu, 24 Nov 2005 22:24:24 +0000