xcdroast 0.98+0alpha16-1ubuntu1 / usr / share / doc / xcdroast / README.nonroot

This file is indexed.

/usr/share/doc/xcdroast/README.nonroot is in xcdroast 0.98+0alpha16-1ubuntu1.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
X-CD-Roast 0.98alpha15
----------------------

The non-root mode allows that X-CD-Roast can be started by any user and
not only by "root". 


	Please note that X-CD-Roast 0.98alpha15 can configure the non-root
	mode fully automatic. At the first startup as root you will be 
	prompted to enable the non-root mode. 
	But you can always enable and disable the non-root mode again in
	the setup menu. 

	So these instruction here are just for curious and not required 
	to use the non-root mode of X-CD-Roast.

	Distribution-vendors: No need to compile X-CD-Roast with disabled 
	non-root mode! Starting with alpha14 X-CD-Roast no longer will
	require to create a group or set suid/sgid bits on the cdrtools.

	Also note: A lot of linux distributions ship with a version of
	X-CD-Roast that was compiled with a disabled non-root-mode.
	None of the instructions here will work unless you recompile
	X-CD-Roast or install a fully enabled version.


Instructions for non-root setup 
(If you prefer not to use the automatic!)
-----------------------------------------

If you do not want to let other users use X-CD-Roast, you are free
to skip all these instructions and just start X-CD-Roast always as root.


Please change the permissions according to this README to allow  
normal users to run X-CD-Roast. 


With 0.98alpha15 it is no longer required to create a new
group or to set any permissions on the cdrtools.

The wrapper programm "xcdrwrap" (will be install into 
/usr/local/lib/xcdroast-0.98/bin/xcdrwrap on the default installation)
will care about all the permission configuration.

We give the wrapper the suid-bit and set its owner to root. Now all
cdrtools are spawned through the wrapper and have automatically 
the required rights. All known security issues are handled with that
setup. (There is even code in the wrapper to avoid the known cdrecord 2.0
root exploit, in the case you wonder.) 
 
X-CD-Roast can now decide which user is allowed to burn, by checking the
configuration the root user created. Details about this later... 


Setting the permissions
-----------------------

Please install the cdrtools-2.0 (or newer) now. You can copy the binaries
to $PREFIX (e.g. /usr/bin or /usr/local/bin) or to the library-directory
of xcdroast (e.g. /usr/local/lib/xcdroast-0.98/bin). X-CD-Roast will look
in both dirs. This is described in detail in the README-file.

On all current linux distributions the cdrtools are preinstalled and
you need not to worry about them.

Locate the wrapper: 

	/usr/local/lib/xcdroast-0.98/bin or /usr/lib/xcdroast-0.98/bin

Please change now to the corresponding directory and enter:

	chown root xcdrwrap
	chmod 4755 xcdrwrap


Usage of the non-root-mode
--------------------------

After X-CD-Roast was installed and all the permissions set correctly,
it can be started. 
The first time root have to start it, to create the root-configuration-file
/etc/xcdroast.conf. Without this file, a normal user will get an error
message. 

Root gets a new menu in setup, which allows him to define which users can
start X-CD-Roast on which hosts. There is also the possibility of defining
how much a user is allowed to change in the setup-menu. 
It's possible that a normal user should not be able to change the
cdwriter-device or the directory where image-files are created in. These
settings apply to ALL allowed users. 
Please see the tooltip-help for a detailed description of each option. 

After root saved the configuration, all normal users (which have 
been given permission by root via the setup) can start up X-CD-Roast.
If root denied them access to some options in the setup, then this
options are greyed out, and cannot be changed. 

Thats all - please point out any security problems. I tested this
only on Linux-systems, I am not sure if this works on other platforms.
If you use a non-Linux system and get X-CD-Roast running fine as non-root
user, please send me a detailed description of all changes.

27.10.2003 Thomas Niederreiter (tn@xcdroast.org)

APT Browse - Built by Thomas Orozco.