At Freitag, 29. Januar 2010 11:39 Joerg Schilling wrote: Thanks for your nice informations and with this line for setcap cap_dac_override,cap_sys_rawio,cap_ipc_lock,cap_sys_nice,cap_net_bind_service+ep a "cdrecord --scanbus" works as normal user without a problem.
As long as there is no support code in Linux distros to set capabilities without making the target program suid root anyway, I see no other possibility than to stay with
chown root cdrecord cdda2wav readcd chmod 4711 cdrecord cdda2wav readcd
This is definitive easier and there is no risk if something will changes for capabilities. There is only one thing which i find better and it is that i prefer "chmod 4710" with a special group to not allow everyone to run cdrecord. Okay, i'm not an expert but this looks safe enough for me ... provide that i have to look every time at the manpage of capabilities.-) See you, Attila