On Fri, Dec 27, 2002 at 06:47:35AM -0500, Jeff Flowers wrote:
> Couldn't you just add the user in question to the operator group?

Well, you need write access to the device to send raw SCSI/ATAPI
commands to the CD... but I thought he wanted all users to rip CDs,
not just one specific user. Also, someone in the operator group can do
other stuff that might be bad from a security perspective (e.g., read
the data off the raw hard disk device, shutdown or reboot the
system...)

The /etc/ttyaction method has a possible disadvantage that anyone who
wants to rip a CD needs to log in on the console, but I don't think
that's actually a problem. After all, you've gotta be at the console
to physically put the CD in anyways :) The advantage is that you can
give the user permissions to only the devices he needs access to, and
revoke them when he logs out.

I remember when I was in school, I was telnetted into one of the
Sparcstation 1+s running SunOS 4.something they had at the computer
lab. I was looking through the various bin directories and came across
either bar or eject--in any case, I tried it out and ended up
accidentally ejecting the floppy disk the guy at the console was
working with :) Oops :) They had the floppy device mode 666... later
they added stuff to /etc/fbtab to chown the floppy to the logged-in
user.
-- 
Name: Dave Huang         |  Mammal, mammal / their names are called /
INet: khym@azeotrope.org |  they raise a paw / the bat, the cat /
FurryMUCK: Dahan         |  dolphin and dog / koala bear and hog -- TMBG
Dahan: Hani G Y+C 27 Y++ L+++ W- C++ T++ A+ E+ S++ V++ F- Q+++ P+ B+ PA+ PL++