LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 06-03-2009, 07:25 PM   #1
xflow7
Member
 
Registered: May 2004
Distribution: Slackware
Posts: 157

Rep: Reputation: 20
Using sudoers to allow non-root eject


In the past, I have found that I needed to make /usr/bin/eject SUID in order to allow, for instance, Amarok to disconnect from my iPod when running as non-root.

The other day, having read up a little on the sudoers file, I figured it ought to be possible to add command specific entries to /etc/sudoers in order to allow members of the plugdev group to eject, etc.

So I added the following lines to /etc/sudoers

Code:
Cmnd_Alias EJECTCMD /usr/bin/eject, /usr/bin/kdeeject, /usr/bin/kio_media_manager

%plugdev ALL=(ALL) NOPASSWD: EJECTCMD
and prepended "sudo" to the "Post-Disconnect Command" in Amarok.

Presto, no need to have /usr/bin/eject as SUID anymore.

It seems to me this is probably a safer solution. Any comments from those more knowledgeable than I?
 
Old 06-03-2009, 08:09 PM   #2
Matir
Moderator
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Ubuntu
Posts: 8,507

Rep: Reputation: 116Reputation: 116
About all this does is prevent people outside the plugdev group from using eject as root. Otherwise, it's much the same.
 
Old 06-03-2009, 08:27 PM   #3
bgeddy
Senior Member
 
Registered: Sep 2006
Location: Liverpool - England
Distribution: slackware64 13.37 and -current, Dragonfly BSD
Posts: 1,810

Rep: Reputation: 227Reputation: 227Reputation: 227
Well personally I hate having things SUID on my system. I think the sudoer idea is far preferable limiting members to the plugdev group. Here is one of many articles about the dangers of setting SUID on programs http://luv.asn.au/overheads/security/kernel.html. Maybe I'm just paranoid !
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Sudoers - root question armandino Linux - General 4 03-05-2009 06:57 AM
Can't eject iPod as normal user, but works as root FreeThinkerJim Linux - Hardware 3 11-18-2005 08:19 PM
I deleted /etc/sudoers and creates a new file call sudoers but now it doesnt for visu abefroman Linux - Software 1 11-10-2005 05:03 PM
can only eject as root Cinematography Linux - Hardware 10 08-28-2005 04:47 PM


All times are GMT -5. The time now is 07:10 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration