Drop uid checking #64

sunwire · 2022-05-10T07:35:48Z

sunwire
May 10, 2022

Can we drop checking if the user is root?

Lines 228 to 230 in ebabc39

    
           if (getuid() != 0) { 
        
             errorOut("You must be root to read or set encryption options on a drive!"); 
        
           }

Now when we use a syslog for logs, at least under Linux, an ordinary user can use Stenc if he has the right to read the tape device and Stenc has set cap_sys_rawio capability.
https://man7.org/linux/man-pages/man7/capabilities.7.html
https://man7.org/linux/man-pages/man8/setcap.8.html

jonasstein · 2022-05-10T17:14:55Z

jonasstein
May 10, 2022
Maintainer

Dropping sounds good to me.
Could we then use the tape group too? We should add a section on permissions to the man page.

0 replies

jmwilson · 2022-05-11T22:35:48Z

jmwilson
May 11, 2022

Yes, this is dumb to check. Would be good to see how the program fails with a nonprivileged user so the error message is not totally inscrutable.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Drop uid checking #64

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Drop uid checking #64

sunwire May 10, 2022

Replies: 2 comments

jonasstein May 10, 2022 Maintainer

jmwilson May 11, 2022

sunwire
May 10, 2022

jonasstein
May 10, 2022
Maintainer

jmwilson
May 11, 2022