LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - General
User Name
Password
Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.

Notices

Reply
 
Search this Thread
Old 09-15-2005, 09:14 AM   #1
Dynom8
LQ Newbie
 
Registered: Sep 2005
Posts: 4

Rep: Reputation: 0
Question Disabling CD burner write access ?


This pertains to Debian Sarge 3.1. I would like to know if there is a way to disable a CD burners write access for particular users? I noticed in the /etc/group file that there is a cdrom group and certain users can be members of that group.

Let's say I have a user named "test."

I tried chmod 775 on /media/cdrom, which is a link to /dev/hda. I then edited the /etc/group file and did not make user "test" a member of that group. In my mind, because "test" is not a member of the cdrom group, and world permissions on /dev/hda do not include write, "test" should not have the ability to write to a cd. I tested this and it did not seem to work. Does anyone have any additional information, and does anyone know if the above scenario should work? Thanks.

- Dyno
 
Old 09-15-2005, 09:36 AM   #2
vinay_s_s
Member
 
Registered: Jul 2003
Posts: 658

Rep: Reputation: 30
Make it 660 and make sure the user is not in the group (use the groups command to check)
and also, if debian uses udev/devfs, then permissions changed with chmod won't stay in effect, you will need to edit a file containing the rules (check your local docs for that)
 
Old 09-15-2005, 09:37 AM   #3
vinay_s_s
Member
 
Registered: Jul 2003
Posts: 658

Rep: Reputation: 30
Oh and check the user/group data of /dev/hda , if its not root:cdrom, then you will need to fix it too
 
Old 09-15-2005, 09:43 AM   #4
kilgoretrout
Senior Member
 
Registered: Oct 2003
Posts: 2,332

Rep: Reputation: 141Reputation: 141
All cd burning programs are just front ends for cdrecord IIRC. You could create a cd burning group and set the owner/group ownership of cdrecord to root:cdburn_group and set the execute permissions to owner and group only. Then only members of the cd burning group would be able to use cdrecord.
 
Old 09-15-2005, 09:50 AM   #5
Dynom8
LQ Newbie
 
Registered: Sep 2005
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks for the response. I apologize for not being more clear in my initial post. I don't want to disable write access for all users, only for users not in the cdrom group. Just curious as to why I would want to disable execute on user, group, and world? I would still like world to have read and execute, but those users do not need write access. Permissions on the user and group should still be wide open. Am I looking at this illogically? Would removing execute permission disable the ability to write to a CD?

- Dyno
 
Old 09-15-2005, 01:35 PM   #6
kilgoretrout
Senior Member
 
Registered: Oct 2003
Posts: 2,332

Rep: Reputation: 141Reputation: 141
I guess I wasn't very clear. To sum it up, the only way to "write" to a cd-r in linux is to execute cdrecord. By restricting execute permissions on cdrecord to a set group, you can control who has access to cd burning. That's the most straightforward way of addressing the problem IMHO.

I'm not even sure what it means to set an execute permission on a cdrom device, if it means anything. Hardware isn't executed. I don't see any execute permissions on any of my drives. Access to the drive will be controlled by device file ownership, here, problably root:cdrom, and permissions which I agree should be 660. That will restrict read/write access to the drive to root and members of the cdrom group which I think is what you want. If your running udev these permission changes will not survive a reboot as noted by vinay. So then you need to hack an init script to reset them every time you reboot or directly change the udev config file.

I thought it would be easier to just change permissions/ownership on cdrecord. Restricting cdrecord to root and the cdrom group would be done with:

# chown root:cdrom /usr/bin/cdrecord
# chmod 770 /usr/bin/cdrecord
 
Old 09-15-2005, 01:59 PM   #7
Dynom8
LQ Newbie
 
Registered: Sep 2005
Posts: 4

Original Poster
Rep: Reputation: 0
kilgoretrout - Thanks so much for the response. I will try this and give an update as to whether that works for me. Thanks again.

- Dyno
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
grip : no write access to write encoded file bidouilleur Linux - Software 5 10-09-2010 10:23 PM
Disabling 'write command' hirenpandya Linux - Security 9 03-03-2009 06:10 PM
Removing or disabling user access to proxy setup Wholeeo Linux - Networking 0 09-28-2004 01:04 PM
Grip- "no write access to write encoded file" Alvis Linux - Software 4 01-06-2004 05:18 PM
cd burner reads but won't write Scott176 Linux - Hardware 2 12-17-2002 05:25 AM


All times are GMT -5. The time now is 01:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration