|
»
»
»
cdrecord permission problems
|
View:
New views
16 Messages
—
Rating Filter:
Alert me
|
 |
cdrecord permission problems
by Mike Chambers-5
::
Rate this Message:
I can't seem to use anything to burn a cd, thinking permission problems?
I don't know why it would be that, if it is the problem, as I didn't change anything to do it. Anyway, when trying with k3b (I mainly just use nautilus and right click on the file to write to disc), I got this debug message.. System ----------------------- K3b Version: 1.0.5 KDE Version: 3.5.9-16.fc9 Fedora QT Version: 3.3.8b Kernel: 2.6.25.9-76.fc9.i686 Devices ----------------------- ATAPI DVD A DH16A1L KH1A (/dev/sr0, ) [CD-R, CD-RW, CD-ROM, DVD-ROM, DVD-R, DVD-RW, DVD-R DL, DVD+R, DVD+RW, DVD+R DL] [DVD-ROM, DVD-R Sequential, DVD-R Dual Layer Sequential, DVD-R Dual Layer Jump, DVD-RAM, DVD-RW Restricted Overwrite, DVD-RW Sequential, DVD+RW, DVD+R, DVD+R Dual Layer, CD-ROM, CD-R, CD-RW] [TAO, Restricted Overwrite, Layer Jump] Used versions ----------------------- cdrecord: 1.1.6 cdrecord ----------------------- TOC Type: 1 = CD-ROM /usr/bin/wodim: Operation not permitted. Warning: Cannot raise RLIMIT_MEMLOCK limits.scsidev: '/dev/sr0' devname: '/dev/sr0' scsibus: -2 target: -2 lun: -2 /usr/bin/wodim: Permission denied. Cannot open SCSI driver! For possible targets try 'wodim --devices' or 'wodim -scanbus'. For possible transport specifiers try 'wodim dev=help'. For IDE/ATAPI devices configuration, see the file README.ATAPI.setup from the wodim documentation. cdrecord command: ----------------------- /usr/bin/wodim -v gracetime=2 dev=/dev/sr0 speed=40 -tao driveropts=burnfree -eject fs=4m -data -tsize=58220s - Any ideas? -- Mike Chambers Fedora Project - Ambassador, Bug Zapper, Tester, User, etc.. mikec302@... -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Patrick O'Callaghan-2
::
Rate this Message:
On Sat, 2008-07-05 at 11:01 -0500, Mike Chambers wrote:
> I can't seem to use anything to burn a cd, thinking permission problems? > I don't know why it would be that, if it is the problem, as I didn't > change anything to do it. > > Anyway, when trying with k3b (I mainly just use nautilus and right click > on the file to write to disc), I got this debug message.. > > System > ----------------------- > K3b Version: 1.0.5 > > KDE Version: 3.5.9-16.fc9 Fedora > QT Version: 3.3.8b > Kernel: 2.6.25.9-76.fc9.i686 > Devices > ----------------------- > ATAPI DVD A DH16A1L KH1A (/dev/sr0, ) [CD-R, CD-RW, CD-ROM, DVD-ROM, > DVD-R, DVD-RW, DVD-R DL, DVD+R, DVD+RW, DVD+R DL] [DVD-ROM, DVD-R > Sequential, DVD-R Dual Layer Sequential, DVD-R Dual Layer Jump, DVD-RAM, > DVD-RW Restricted Overwrite, DVD-RW Sequential, DVD+RW, DVD+R, DVD+R > Dual Layer, CD-ROM, CD-R, CD-RW] [TAO, Restricted Overwrite, Layer Jump] > > Used versions > ----------------------- > cdrecord: 1.1.6 > > cdrecord > ----------------------- > TOC Type: 1 = CD-ROM > /usr/bin/wodim: Operation not permitted. Warning: Cannot raise > RLIMIT_MEMLOCK limits.scsidev: '/dev/sr0' > devname: '/dev/sr0' > scsibus: -2 target: -2 lun: -2 > /usr/bin/wodim: Permission denied. > Cannot open SCSI driver! > For possible targets try 'wodim --devices' or 'wodim -scanbus'. > For possible transport specifiers try 'wodim dev=help'. > For IDE/ATAPI devices configuration, see the file README.ATAPI.setup > from > the wodim documentation. > > cdrecord command: > ----------------------- > /usr/bin/wodim -v gracetime=2 dev=/dev/sr0 speed=40 -tao > driveropts=burnfree -eject fs=4m -data -tsize=58220s - > > Any ideas? Very likely to be https://bugzilla.redhat.com/show_bug.cgi?id=451320 poc -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Antonio Olivares
::
Rate this Message:
--- On Sat, 7/5/08, Mike Chambers <mike@...> wrote:
> From: Mike Chambers <mike@...> > Subject: cdrecord permission problems > To: "Fedora" <fedora-list@...> > Date: Saturday, July 5, 2008, 9:01 AM > I can't seem to use anything to burn a cd, thinking > permission problems? > I don't know why it would be that, if it is the > problem, as I didn't > change anything to do it. > > Anyway, when trying with k3b (I mainly just use nautilus > and right click > on the file to write to disc), I got this debug message.. > > System > ----------------------- > K3b Version: 1.0.5 > > KDE Version: 3.5.9-16.fc9 Fedora > QT Version: 3.3.8b > Kernel: 2.6.25.9-76.fc9.i686 > Devices > ----------------------- > ATAPI DVD A DH16A1L KH1A (/dev/sr0, ) [CD-R, CD-RW, > CD-ROM, DVD-ROM, > DVD-R, DVD-RW, DVD-R DL, DVD+R, DVD+RW, DVD+R DL] [DVD-ROM, > DVD-R > Sequential, DVD-R Dual Layer Sequential, DVD-R Dual Layer > Jump, DVD-RAM, > DVD-RW Restricted Overwrite, DVD-RW Sequential, DVD+RW, > DVD+R, DVD+R > Dual Layer, CD-ROM, CD-R, CD-RW] [TAO, Restricted > Overwrite, Layer Jump] > > Used versions > ----------------------- > cdrecord: 1.1.6 > > cdrecord > ----------------------- > TOC Type: 1 = CD-ROM > /usr/bin/wodim: Operation not permitted. Warning: Cannot > raise > RLIMIT_MEMLOCK limits.scsidev: '/dev/sr0' > devname: '/dev/sr0' > scsibus: -2 target: -2 lun: -2 > /usr/bin/wodim: Permission denied. > Cannot open SCSI driver! > For possible targets try 'wodim --devices' or > 'wodim -scanbus'. > For possible transport specifiers try 'wodim > dev=help'. > For IDE/ATAPI devices configuration, see the file > README.ATAPI.setup > from > the wodim documentation. > > cdrecord command: > ----------------------- > /usr/bin/wodim -v gracetime=2 dev=/dev/sr0 speed=40 -tao > driveropts=burnfree -eject fs=4m -data -tsize=58220s - > > Any ideas? > > -- > Mike Chambers > Fedora Project - Ambassador, Bug Zapper, Tester, User, > etc.. > mikec302@... > > -- There is no bugzilla with that exactly, closest I found was: https://bugzilla.redhat.com/show_bug.cgi?id=423641 There as new cdrkit-1.1.8 but I guess that was in rawhide. There are some suggested fixes, but I do not know how they will help you. Regards, Antonio -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Bugzilla from rdieter@math.unl.edu
::
Rate this Message:
Mike Chambers wrote:
> I can't seem to use anything to burn a cd, thinking permission problems? > I don't know why it would be that, if it is the problem, as I didn't > change anything to do it. May be resolved with a recent udev-124-1.fc9.2 update -- Rex -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Bill Davidsen
::
Rate this Message:
Mike Chambers wrote:
> I can't seem to use anything to burn a cd, thinking permission problems? > I don't know why it would be that, if it is the problem, as I didn't > change anything to do it. > > Anyway, when trying with k3b (I mainly just use nautilus and right click > on the file to write to disc), I got this debug message.. > Note that cdrecord doesn't come with Fedora, there is a link by that name which leads to wodim. The usual drill is to change group on "cdrecord" to a new group, make the owner root, change perms to 4754, and it should work. I highly advise downloading the real cdrecord rather than using the "looks like" version. I've said this here before... -- Bill Davidsen <davidsen@...> "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Alan Cox
::
Rate this Message:
> Note that cdrecord doesn't come with Fedora, there is a link by that
> name which leads to wodim. The usual drill is to change group on wodim is the free software fork from cdrecord with other stuff added. > "cdrecord" to a new group, make the owner root, change perms to 4754, > and it should work. I highly advise downloading the real cdrecord rather > than using the "looks like" version. I would advise the reverse. For one wodim doesn't need to be setuid root which is quite a dangerous thing to enable on a large binary (althoguh cdrecord has a good security history) Alan -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Alan Cox
::
Rate this Message:
> The reason setuid is needed is to allow use of vendor commands, and the
> command filter in the kernel doesn't allow some as non-root. Certain > people in the kernel community refuse to add these command, the author Actually thats untrue. We've added commands where it is safe to do so and we've also repeatedly said to people who wanted to customise the command list "send patches". Nobody has. > The right answer would be to have the kernel provide a way such as group > id, so I could identify devices and programs I trust with each other. That doesn't work. If you give a process access to a CD it can change the firmware which means next reboot it controls the system. Thus the only logical thing you can give it is pretty much "all powers" Alan -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Bill Davidsen
::
Rate this Message:
Alan Cox wrote:
>> Note that cdrecord doesn't come with Fedora, there is a link by that >> name which leads to wodim. The usual drill is to change group on >> > > wodim is the free software fork from cdrecord with other stuff added. > > >> "cdrecord" to a new group, make the owner root, change perms to 4754, >> and it should work. I highly advise downloading the real cdrecord rather >> than using the "looks like" version. >> > > I would advise the reverse. For one wodim doesn't need to be setuid root > which is quite a dangerous thing to enable on a large binary (althoguh > cdrecord has a good security history) > The reason setuid is needed is to allow use of vendor commands, and the command filter in the kernel doesn't allow some as non-root. Certain people in the kernel community refuse to add these command, the author of cdrecord lacks any ability to work with other and ask nicely. Net result of this pissing contest is that "real" cdrecord will burn some combinations of media and hardware which wodim won't. The right answer would be to have the kernel provide a way such as group id, so I could identify devices and programs I trust with each other. Hang the capability on a flag I could set, and the whole problem would go away. Needless to say that wouldn't satisfy any of the people involved. In any case, I wouldn't suggest it if I didn't believe it, Joerg Schilling and I have gone around on a number of mailing lists, but he does keep his software very up-to-date, and has done for decades. -- Bill Davidsen <davidsen@...> "Woe unto the statesman who makes war without a reason that will still be valid when the war is over..." Otto von Bismark -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by stan-40
::
Rate this Message:
Alan Cox wrote:
>> The reason setuid is needed is to allow use of vendor commands, and the >> command filter in the kernel doesn't allow some as non-root. Certain >> people in the kernel community refuse to add these command, the author >> > > Actually thats untrue. We've added commands where it is safe to do so and > we've also repeatedly said to people who wanted to customise the command > list "send patches". Nobody has. > > >> The right answer would be to have the kernel provide a way such as group >> id, so I could identify devices and programs I trust with each other. >> > > That doesn't work. If you give a process access to a CD it can change the > firmware which means next reboot it controls the system. Thus the only > logical thing you can give it is pretty much "all powers" > > Alan > > Would your last statement be true under that scenario? That is, if a cd role was created as restricted as it could be? Would it be true if the role was combined with SELinux? I'm just curious and you seem like you have the knowledge to answer this. -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Antonio Olivares
::
Rate this Message:
--- On Mon, 7/7/08, Alan Cox <alan@...> wrote:
> From: Alan Cox <alan@...> > Subject: Re: cdrecord permission problems > To: fedora-list@... > Cc: davidsen@... > Date: Monday, July 7, 2008, 8:52 AM > > Note that cdrecord doesn't come with Fedora, there > is a link by that > > name which leads to wodim. The usual drill is to > change group on > > wodim is the free software fork from cdrecord with other > stuff added. http://www.opensource.org/docs/osd > > > "cdrecord" to a new group, make the owner > root, change perms to 4754, > > and it should work. I highly advise downloading the > real cdrecord rather > > than using the "looks like" version. > > I would advise the reverse. For one wodim doesn't need > to be setuid root > which is quite a dangerous thing to enable on a large > binary (althoguh > cdrecord has a good security history) > There are some CD brands which original cdrecord does not like and wodim does follow through with the burn +1 for wodim There are problems encountered with cdwriting permissions and burning fails with wodim +1 for original cdrecord I have read about the controversies and the nasty messages between the developers, but it should be up to the user what he/she wants to do. My $0.02 Regards, Antonio > > Alan > > -- > fedora-list mailing list > fedora-list@... > To unsubscribe: > https://www.redhat.com/mailman/listinfo/fedora-list -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Alan Cox
::
Rate this Message:
On Mon, 7 Jul 2008 10:33:04 -0700 (PDT)
Antonio Olivares <olivares14031@...> wrote: > --- On Mon, 7/7/08, Alan Cox <alan@...> wrote: > > > From: Alan Cox <alan@...> > > Subject: Re: cdrecord permission problems > > To: fedora-list@... > > Cc: davidsen@... > > Date: Monday, July 7, 2008, 8:52 AM > > > Note that cdrecord doesn't come with Fedora, there > > is a link by that > > > name which leads to wodim. The usual drill is to > > change group on > > > > wodim is the free software fork from cdrecord with other > > stuff added. > cdrtools is also free. What makes wodim 'freer' > > http://www.opensource.org/docs/osd The DVD version of cdrecord was payware while the DVD support in wodim is not. Alan -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Alan Cox
::
Rate this Message:
> I recently read a paper about the role base security now in the kernel.
> Would your last statement be true under that scenario? That is, if a cd role was > created as restricted as it could be? Would it be true if the role was combined > with SELinux? I'd still be able to patch the firmware to make the drive hand back a fake bootable image which hacked the box before Linux ever ran (assuming the CD drive was in the boot order) The right answer is to have patches to let HAL update the command table according to the drive identity. So far nobody has considered it important enough to produce some (that I've seen anyway). You might want to combine that with role based security or SELinux rules Alan -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Antonio Olivares
::
Rate this Message:
--- On Mon, 7/7/08, Alan Cox <alan@...> wrote:
> From: Alan Cox <alan@...> > Subject: Re: cdrecord permission problems > To: olivares14031@..., "For users of Fedora" <fedora-list@...> > Cc: olivares14031@... > Date: Monday, July 7, 2008, 11:12 AM > On Mon, 7 Jul 2008 10:33:04 -0700 (PDT) > Antonio Olivares <olivares14031@...> wrote: > > > --- On Mon, 7/7/08, Alan Cox > <alan@...> wrote: > > > > > From: Alan Cox <alan@...> > > > Subject: Re: cdrecord permission problems > > > To: fedora-list@... > > > Cc: davidsen@... > > > Date: Monday, July 7, 2008, 8:52 AM > > > > Note that cdrecord doesn't come with > Fedora, there > > > is a link by that > > > > name which leads to wodim. The usual drill > is to > > > change group on > > > > > > wodim is the free software fork from cdrecord > with other > > > stuff added. > > cdrtools is also free. What makes wodim > 'freer' > > > > http://www.opensource.org/docs/osd > > The DVD version of cdrecord was payware while the DVD > support in wodim is not. <quote from ftp://ftp.berlios.de/pub/cdrecord/ProDVD/README> This directory includes binary versions of cdrecord-ProDVD for various platforms NOTE: the DVD-recording drivers have been added to the OpenSource part on May 15th 2006 with cdrtools-2.01.01a09. See ftp://ftp.berlios.de/pub/cdrecord/alpha/ There is no longer a need for a key. </quote> Good thing to know that wodim also burns DVD's. growisofs would also do this if needed. And users also have cdrdao to use when wodim fails. It is great to have all these tools at our disposal. I have both like I have said, and would use the other when one fails [olivares@localhost ~]$ cdrecord --version Cdrecord-yelling-line-to-tell-frontends-to-use-it-like-version 2.01.01a03-dvd Wodim 1.1.6 Copyright (C) 2006 Cdrkit suite contributors Based on works from Joerg Schilling, Copyright (C) 1995-2006, J. Schilling [olivares@localhost ~]$ /opt/schily/bin/cdrecord --version Cdrecord-ProDVD-ProBD-Clone 2.01.01a42 (x86_64-unknown-linux-gnu) Copyright (C) 1995-2008 J�rg Schilling [olivares@localhost ~]$ Regards, Antonio > > Alan -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Bill Davidsen
::
Rate this Message:
Alan Cox wrote:
>> The reason setuid is needed is to allow use of vendor commands, and the >> command filter in the kernel doesn't allow some as non-root. Certain >> people in the kernel community refuse to add these command, the author > > Actually thats untrue. We've added commands where it is safe to do so and > we've also repeatedly said to people who wanted to customise the command > list "send patches". Nobody has. > What patches? Below you reject the idea of specifying processes I trust to write individual devices, any patch to add commands to the allowed commands table in a running system could hardly be safer, and the table applies to all processes and CD devices, while I propose matching g+rw on the device with eGID of the process at open and setting some "trust" flag. That allows me to trust only a single device to a single process. >> The right answer would be to have the kernel provide a way such as group >> id, so I could identify devices and programs I trust with each other. > > That doesn't work. If you give a process access to a CD it can change the > firmware which means next reboot it controls the system. Thus the only > logical thing you can give it is pretty much "all powers" Anyone who puts anything ahead of the disk in the boot sequence is asking to leave a media in a drive at next boot. Stupidity, like virtue, is its own reward. -- Bill Davidsen <davidsen@...> "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Bill Davidsen
::
Rate this Message:
Alan Cox wrote:
> On Mon, 7 Jul 2008 10:33:04 -0700 (PDT) > Antonio Olivares <olivares14031@...> wrote: > >> --- On Mon, 7/7/08, Alan Cox <alan@...> wrote: >> >>> From: Alan Cox <alan@...> >>> Subject: Re: cdrecord permission problems >>> To: fedora-list@... >>> Cc: davidsen@... >>> Date: Monday, July 7, 2008, 8:52 AM >>>> Note that cdrecord doesn't come with Fedora, there >>> is a link by that >>>> name which leads to wodim. The usual drill is to >>> change group on >>> >>> wodim is the free software fork from cdrecord with other >>> stuff added. >> cdrtools is also free. What makes wodim 'freer' >> >> http://www.opensource.org/docs/osd > > The DVD version of cdrecord was payware while the DVD support in wodim is > not. > has been in the open source release for a long time, since Joerg lacks the people skills to even let people give him money. I suggested he just get a Paypal account and ask for donations, he wanted payment by International Money Order payable in Euros. Anyway, history lesson over, there are many things I don't like about cdrtools, but I like the results. -- Bill Davidsen <davidsen@...> "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
|
|
Re: cdrecord permission problems
by Alan Cox
::
Rate this Message:
> What patches? Below you reject the idea of specifying processes I trust
> to write individual devices, any patch to add commands to the allowed > commands table in a running system could hardly be safer, and the table > applies to all processes and CD devices, while I propose matching g+rw > on the device with eGID of the process at open and setting some "trust" > flag. That allows me to trust only a single device to a single process. It would be far safer. A configurable command filter stops people issuing problem commands, a trust this program flag means you are exposed to all sorts of potential bugs in the programs that you choose to trust. In the command filter case there is no privilege escalation required. HAL already runs at early boot and clean of user ability to fiddle so can set up the tables itself. > Anyone who puts anything ahead of the disk in the boot sequence is > asking to leave a media in a drive at next boot. Stupidity, like virtue, > is its own reward. What a lovely way to treat users, most of whom will have CD first because that is how the vendors ship their PC. Alan -- fedora-list mailing list fedora-list@... To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list |
| Free Forum Powered by Nabble | Forum Help |