In the past, I have found that I needed to make /usr/bin/eject SUID in order to allow, for instance, Amarok to disconnect from my iPod when running as non-root.
The other day, having read up a little on the sudoers file, I figured it ought to be possible to add command specific entries to /etc/sudoers in order to allow members of the plugdev group to eject, etc.
So I added the following lines to /etc/sudoers
Cmnd_Alias EJECTCMD /usr/bin/eject, /usr/bin/kdeeject, /usr/bin/kio_media_manager
%plugdev ALL=(ALL) NOPASSWD: EJECTCMD
and prepended "sudo" to the "Post-Disconnect Command" in Amarok.
Presto, no need to have /usr/bin/eject as SUID anymore.
It seems to me this is probably a safer solution. Any comments from those more knowledgeable than I?