On Fri, 2 Jan 2004, David S. wrote:

> > > > It's very sensible, IMO, to make "/dev/rcd?[ad]" group writable. The
> > > > daily security script will warn about that, unfortunately, and the
> > >
> > > As well it should -- plenty of harm can be done by issuing raw SCSI
> > > commands using any device that will take them.
> >
> > A CD-ROM drive isn't any SCSI device. The other choice, granting users
> > root just so they can rip audio tracks, isn't very attractive, and the
> > automounter can't help with that.
>
> I guess that the "correct" way to do this is with 'sytrace' and privilege
> elevation.  Though it's a bit of work to develop appropriate policies for
> the various programs that will write to the CD/DVD devices,

I really don't see the harm of giving write access to a CD-*ROM*. For
a CD burner, there could conceivably be some threat, but not worse
than allowing a user to eject a mounted CD and insert a different CD
manually (which the privileges can't forbid).

Frederick