X-CD-Roast 0.98alpha15 ---------------------- The non-root mode allows that X-CD-Roast can be started by any user and not only by "root". Please note that X-CD-Roast 0.98alpha15 can configure the non-root mode fully automatic. At the first startup as root you will be prompted to enable the non-root mode. But you can always enable and disable the non-root mode again in the setup menu. So these instruction here are just for curious and not required to use the non-root mode of X-CD-Roast. Distribution-vendors: No need to compile X-CD-Roast with disabled non-root mode! Starting with alpha14 X-CD-Roast no longer will require to create a group or set suid/sgid bits on the cdrtools. Also note: A lot of linux distributions ship with a version of X-CD-Roast that was compiled with a disabled non-root-mode. None of the instructions here will work unless you recompile X-CD-Roast or install a fully enabled version. Instructions for non-root setup (If you prefer not to use the automatic!) ----------------------------------------- If you do not want to let other users use X-CD-Roast, you are free to skip all these instructions and just start X-CD-Roast always as root. Please change the permissions according to this README to allow normal users to run X-CD-Roast. With 0.98alpha15 it is no longer required to create a new group or to set any permissions on the cdrtools. The wrapper programm "xcdrwrap" (will be install into /usr/local/lib/xcdroast-0.98/bin/xcdrwrap on the default installation) will care about all the permission configuration. We give the wrapper the suid-bit and set its owner to root. Now all cdrtools are spawned through the wrapper and have automatically the required rights. All known security issues are handled with that setup. (There is even code in the wrapper to avoid the known cdrecord 2.0 root exploit, in the case you wonder.) X-CD-Roast can now decide which user is allowed to burn, by checking the configuration the root user created. Details about this later... Setting the permissions ----------------------- Please install the cdrtools-2.0 (or newer) now. You can copy the binaries to $PREFIX (e.g. /usr/bin or /usr/local/bin) or to the library-directory of xcdroast (e.g. /usr/local/lib/xcdroast-0.98/bin). X-CD-Roast will look in both dirs. This is described in detail in the README-file. On all current linux distributions the cdrtools are preinstalled and you need not to worry about them. Locate the wrapper: /usr/local/lib/xcdroast-0.98/bin or /usr/lib/xcdroast-0.98/bin Please change now to the corresponding directory and enter: chown root xcdrwrap chmod 4755 xcdrwrap Usage of the non-root-mode -------------------------- After X-CD-Roast was installed and all the permissions set correctly, it can be started. The first time root have to start it, to create the root-configuration-file /etc/xcdroast.conf. Without this file, a normal user will get an error message. Root gets a new menu in setup, which allows him to define which users can start X-CD-Roast on which hosts. There is also the possibility of defining how much a user is allowed to change in the setup-menu. It's possible that a normal user should not be able to change the cdwriter-device or the directory where image-files are created in. These settings apply to ALL allowed users. Please see the tooltip-help for a detailed description of each option. After root saved the configuration, all normal users (which have been given permission by root via the setup) can start up X-CD-Roast. If root denied them access to some options in the setup, then this options are greyed out, and cannot be changed. Thats all - please point out any security problems. I tested this only on Linux-systems, I am not sure if this works on other platforms. If you use a non-Linux system and get X-CD-Roast running fine as non-root user, please send me a detailed description of all changes. 27.10.2003 Thomas Niederreiter (tn@xcdroast.org)