The Truth, Please ==> Why are CD/DVD drives not usable? ... Are permissions issues a FreeBSD response to security risks?

I came from linux.
Tried many different distro's over the years.
CD/DVD drives and misc. burning always worked out of the box.

Not so with FreeBSD.

Installed test system, as follows:
FreeBSD 13.1 amd64
XFCE

It all started when the XFCE default burning software (XFBurn) wouldn't find the drive.
Tried all the forum supplied answers, none of them worked.
So I tried installing other burning software, nothing worked.
Not even K3B, which I don't like because of all the dependencies.
Tried XFBurn, Brasero, tkdvd, K3b.
All with the same basic issue, cannot access drive (basically) due to permissions.

Can't even get a CD/DVD to show in the File Manager.
UNLESS its a FreeBSD install DVD. That shows in the File Mangager.
Go figure. That makes no sense.

Everything I'm seeing involves jumping through hoops to get CD/DVD burning working with
any of these front ends. Basically because CD/DVD burning needs root access (not recommended),
resulting in various workarounds.

So I'm curious.... What gives with this situation?

Is it best to ignore CD/DVD's from this point on,
maybe use USB memory sticks instead?

Whats the general consensus on this?

Please advise.....!

Thanks!!
.
.
 
You better access CD/DVD's through command line. [FreeBSD is not Windows]
And they work fine under freebsd.
Mostly i use usb-stick but in exceptional cases i use CD/DVD.

Note you can even write a FreeBSD-install-image to DVD,
Here to link of the file,

Some handbook info,
 
  • Like
Reactions: cy@
I've never used them to burn CDs/DVDs using some GUI but over the years I've used various command line tools to burn ISO images, CDs, and DVDs. When I was a competitive bodybuilder (12 first, second, third place) during my younger days when my body was not so creaky and worn out as a senior now, I'd mix my own music on FreeBSD and burn it to CD so they could play it during the evening show. (I can't remember which FreeBSD port I used to do that but displaying the amplitude of the music helped creating something that complied with the rules for the evening.) All this was done using FreeBSD 5, 6 and 7.

I haven't heard that any of the ports have stopped working over the years.

Creating FreeBSD ISO images and burning downloaded Linux images was no problem either. I used cdrdao, cdrtools and dvd+rw-tools in ports/sysutils. I hear that dvdbackup is also a good tool. But these are all command line utilities. GUI tools for burning CD and DVD images were not that plentiful then.

I did use dvd+rw-tools to burn a Linux ISO last year.

I'm sure there are others here who have done the same as above but using some of the GUI tools available in FreeBSD these days.
 
It really doesn't matter if you are using terminal based or GUI based application. It boils down to the same thing - permissions.

It's been so long since I used cd/dvrom I can't even recall what problems I had with it. I'd start with the basic troubleshooting steps though:
a) what permissions your cdrom dsf (device special file, e.g. /dev/cd0 or alike) has now
b) what groups are you in

That will tell you if you can actually access the device. It may be as simple as adding your user to the group that has access to this dsf. And/or check the devfs.conf(5) to see how you can modify the permissions/ownership of such dsf so you can use it. FreeBSD handbook has information how to do this for usb device, you can do this similarly to cdrom.
 
To set permissions,

in /etc/devfs.conf i have:
Code:
# Commonly used by many ports
    link    cd0                cdrom
    link    cd0                dvd
# Misc other devices
    perm    pass*           0660
    perm    xpt*            0660
## allow mount cdrom
    own        /dev/cd0        x:operator
    perm    /dev/cd0        0660

And in /etc/devfs.rules
Code:
[system=10]
#SCSI
add path 'pass*'    mode 0660 group operator
add path 'xpt*'     mode 0660 group operator
#CD
add path 'cd*'      mode 0660 group operator
 
By default the standard user doesn't have read/write permission to the CD/DVD.
The default group for Read access to the CD/DVD is operator and only root have write permission.

In order to be able to burn CDs your user need to have write permission on /dev/cd0 /dev/pass1 and /dev/xpt0.This can be done via polkit (PolicyKit), devfs.rules or starting the burning software as root.

To enable custom devfs.rules add your localrule in /etc/rc.conf using
sysrc devfs_system_ruleset="localrules"

Then create /etc/devfs.rules containing the following:
Code:
[localrules=10]
add path 'cd*' mode 660 group operator
add path 'pass*' mode 660 group operator
add path 'xpt*' mode 660 group operator

Then add your user to the operator group
pw group mod operator -m dave

restart devfs to read the new settings using
service devfs restart
 
To set permissions,

in /etc/devfs.conf i have:
Code:
# Commonly used by many ports
link cd0 cdrom
link cd0 dvd
# Misc other devices
perm pass* 0660
perm xpt* 0660
## allow mount cdrom
own /dev/cd0 x:operator
perm /dev/cd0 0660
And in /etc/devfs.rules
Code:
[system=10]
#SCSI
add path 'pass*' mode 0660 group operator
add path 'xpt*' mode 0660 group operator
#CD
add path 'cd*' mode 0660 group operator

After above changes was able to burn a CD/DVD using XFburn.

However, when executing command:
(as root)-
service devfs restart
it threw the error:
chown: x: illegal user name
and devfs service would not restart.

I know 'x' is not a valid username, what then is the purpose of this 'x'?


THEN...
Went to try running TkDVD, but threw a bunch of errors:

cdrecord -eject -tao dev=/dev/cd0 /usr/home/testingclient2/Downloads/krd.iso

cdrecord: Operation not permitted. Warning: Cannot raise RLIMIT_MEMLOCK limits.
cdrecord: Operation not permitted. WARNING: Cannot set RR-scheduler.
cdrecord: Permission denied. WARNING: Cannot set priority using setpriority().
cdrecord: WARNING: This causes a high risk for buffer underruns.
cdrecord: Insufficient 'file read' privileges. You will not be able to open all needed devices.
cdrecord: Insufficient 'file write' privileges. You will not be able to open all needed devices.
cdrecord: Insufficient 'device' privileges. You may not be able to send all needed SCSI commands, this my cause various unexplainable problems.
cdrecord: Insufficient 'memlock' privileges. You may get buffer underruns.
cdrecord: Insufficient 'priocntl' privileges. You may get buffer underruns.
cdrecord: Insufficient 'network' privileges. You will not be able to do remote SCSI.
scsidev: '/dev/cd0'
devname: '/dev/cd0'
scsibus: -2 target: -2 lun: -2
cdrecord: Invalid argument. Open by 'devname' not supported on this OS. Cannot open or use SCSI driver.
cdrecord: For possible targets try 'cdrecord -scanbus'. Make sure you are root.
cdrecord: For possible transport specifiers try 'cdrecord dev=help'.
Cdrecord-ProDVD-ProBD-Clone 3.02 2022/08/18 (amd64-unknown-freebsd13.1) Copyright (C) 1995-2019 Joerg Schilling
Writing finished


Not sure what all that means, other than apparently a lot more permissions issues.
TkDVD looks amazing, but not sure its worth it with all the errors to overcome.
 
My user is "x" , so you need to change the "x" to your user

Try first to run tkdvd/cdrecord as root.

Check permissions & ownership of /dev/cd0
 
Then add your user to the operator group
pw group mod operator -m dave
Already had this.

To enable custom devfs.rules add your localrule in /etc/rc.conf using
sysrc devfs_system_ruleset="localrules"

Added this, but didn't seem to matter, was already working prior to this.
Do [localrules=10] not need to be specified in /etc/rc.conf for some reason, while "localrules" you mentioned does?
 
My user is "x" , so you need to change the "x" to your user

Try first to run tkdvd/cdrecord as root.

Which would make it user-specific, and a pain with multiple users.

I've seen this listed as:
root : operator
using the "operator" group to grant permissions
(much better for multiple users).
.
 

If you already granted permission via /etc/devfs.conf then you don't need devfs.rules. You can't use devfs.conf if the filesystem is not available at the boot. For example an usb disk.

it's easy to check the permissions of /dev/cd0 ls -l /dev/cd0
crw-rw---- 1 root operator
 
Try first to run tkdvd/cdrecord as root.

root@ext:~ # tkdvd
application-specific initialization failed: no display name and no $DISPLAY environment variable
Error in startup script: invalid command name "wm"
while executing
"wm title . "TkDVD 4.0.9""
(file "/usr/local/bin/tkdvd" line 23)


ALSO..
root@ext:~ # cdrecord
cdrecord: No tracks specified. Need at least one.
Usage: cdrecord [options] track1...trackn

Use cdrecord -help
to get a list of valid options.

Use cdrecord blank=help
to get a list of valid blanking options.

Use cdrecord dev=b,t,l driveropts=help -checkdrive
to get a list of drive specific options.

Use cdrecord dev=help
to get a list of possible SCSI transport specifiers.
.
.
 
Try
Code:
su root

Looks like that may work.
Loads the TkDVD interface.
Go to burn an .iso, spits error/dialog as follows:
(Apparently the only error is missing DVD disk.)...

Error:
growisofs -dvd-compat -use-the-force-luke=tty -Z /dev/cd0=/usr/home/testingclient2/Downloads/krd.iso

:-( /dev/cd0: media is not recognized as recordable DVD: 9
Writing finished
.
 
Hi,

:-( /dev/cd0: media is not recognized as recordable DVD: 9

The number 9 is the SCSI/MMC profile which the drive offers with the medium.
9 means "CD-R", which growisofs does not support. It rather wants to see DVD
or BD media.
The number is actually formatted as hex. So a CD-RW would be mentioned as "A".

You could try with xorriso, which accepts most optical media and their states
(except formatted CD-RW and POW-formatted BD-R). For image burning use its
cdrecord emulation mode:

xorriso -as cdrecord -eject -tao dev=/dev/cd0 /usr/home/testingclient2/Downloads/krd.iso

Have a nice day :)

Thomas
 
Back
Top