cdrecord permission problems

Bill Davidsen davidsen at
Mon Jul 7 17:01:54 UTC 2008

Alan Cox wrote:
>> Note that cdrecord doesn't come with Fedora, there is a link by that 
>> name which leads to wodim. The usual drill is to change group on 
> wodim is the free software fork from cdrecord with other stuff added.
>> "cdrecord" to a new group, make the owner root, change perms to 4754, 
>> and it should work. I highly advise downloading the real cdrecord rather 
>> than using the "looks like" version.
> I would advise the reverse. For one wodim doesn't need to be setuid root
> which is quite a dangerous thing to enable on a large binary (althoguh
> cdrecord has a good security history)

The reason setuid is needed is to allow use of vendor commands, and the 
command filter in the kernel doesn't allow some as non-root. Certain 
people in the kernel community refuse to add these command, the author 
of cdrecord lacks any ability to work with other and ask nicely. Net 
result of this pissing contest is that "real" cdrecord will burn some 
combinations of media and hardware which wodim won't.

The right answer would be to have the kernel provide a way such as group 
id, so I could identify devices and programs I trust with each other. 
Hang the capability on a flag I could set, and the whole problem would 
go away. Needless to say that wouldn't satisfy any of the people involved.

In any case, I wouldn't suggest it if I didn't believe it, Joerg 
Schilling and I have gone around on a number of mailing lists, but he 
does keep his software very up-to-date, and has done for decades.

Bill Davidsen <davidsen at>
  "Woe unto the statesman who makes war without a reason that will still
  be valid when the war is over..." Otto von Bismark 

More information about the fedora-list mailing list