A dvd buring error leads to a discussion of permission
Hi Guys -
I'm having trouble with the last step (the burn phase) of a DVD creation app called QDVDAuthor. It's been pretty reliable but has recently started failing. FYI, this is ubuntu 6.10 on an AMD 64 platform.
dvdrecord -dao speed=2 dev=0,0,0 /video2/tmp//MOforfriend/dvd.iso
{snipage]
scsidev: '0,0,0'
scsibus: 0 target: 0 lun: 0
Linux sg driver version: 3.5.33
dvdrecord: Permission denied. Cannot open '/dev/sg1'. Cannot open SCSI driver.''I did as you suggested and replaced the dev=0,0,0 with dev=/dev/hdc, but I ran it as a standard user (not root), and it worked fine. It's unlikely the app runs with root privileges; that's more MS style. Any thoughts?
Take a look at the permissions of /dev/hdc. Poking around at my debian box, which Ubuntu is based on, I get:
mkovach@kuiper:~$ ls -l /dev/hdc brw-rw---- 1 root disk 22, 0 Feb 26 2005 /dev/hdc
(For a better description of the ls command, try http://en.wikipedia.org/wiki/Ls_(Unix).
The block device /dev/hdc (i.e.: how the program is accessing the drive) is owned by root and the group disk. The owner and the group have read,r, and write,w, access to the block devices. There are a couple of ways for an app to access it. Grant a user temporary privileges using setuid, which for su does:
mkovach@kuiper:~$ ls -l /bin/su -rwsr-xr-x 1 root root 23416 Aug 12 14:05 /bin/su
(Note the small s in the owner executable bit, http://en.wikipedia.org/wiki/Setuid, setuid allowing users to run the program with higher privileges. In this case, su will allow users to run things as root. There is also setgid which does that same thing but based on the group.).
If you check the permissions on the application and it is not setuid then you should check the groups you are in:
mkovach@kuiper:~$ id uid=1000(mkovach) gid=1000(mkovach) groups=6(disk), 29(audio),1000(mkovach), 1012(web)
Since I am in the disk group, which as read/write capabilities on /dev/hdc, I will be able to access the /dev/hdc for writing.
Not knowing the specifics of how Ubuntu is setup, I would guess that the one of the following is true:
- cdrecord is setup as setuid as root. My guess is that this is NOT the case, since setuid has obvious security issues.
- The ownership of /dev/hdc is set to the user running the locale X session. This is quite common and can be controller by serveral applications (auto mounting, X login session management, etc.).
- The ownership of /dev/hdc is read/write for the owner, group, and other (brw-rw-rw-) which allows any user on the system to access it. Questionable security issues depending on the device.
The ownership includes owner and group setings (brw-rw----) and when the account was created, the operating system added you to the group.
To find out which you should run the following commands:
id ls -l /dev/hdc ls -l /usr/bin/cdrecord (and where ever cdrecord is on your system).
reid@ubuntu:~$ id uid=1000(reid) gid=1000(reid),groups=4(adm),20(dialout),24(cdrom),25(floppy),27(sudo),29(audio),30(dip),44(video), 46(plugdev),109(lpadmin),111(scanner),114(admin),1000(reid) reid@ubuntu:~$ ls -l /dev/hdc brw-rw---- 1 root cdrom 22, 0 2006-12-11 09:20 /dev/hdc reid@ubuntu:~$ ls -l /usr/bin/cdrecord -rwxr-xr-x 1 root root 133 2006-08-17 08:57 /usr/bin/cdrecord
Summary
One problem, call cdrecord (or dvdrecord) with the device set to the actual device number (this reflects a change in cdrecord). One Clarification, the permissions on the system are setup so any user in the cdrom group can access the cdrom burner.