# Optical drives, devfs.rules, security and running a perl script via rc



## skunk (Mar 14, 2022)

The sysutils/k3b package notes state:


			
				sysutils/k3b package notes said:
			
		

> d. Every user who should be able to use k3b must have read and write access
> to all pass through devices connected with CD and DVD drives and to the
> /dev/xpt0 device. Run 'camcontrol devlist' to identify those devices (seek
> string 'passX' at the end of each line). Note, that this is a security
> leak as well but that there is no alternative!


This says you need to allow access for the optical drive(s) and the pass through devices associated with them.



			
				sysutils/k3b package notes said:
			
		

> #    - add to your /etc/devfs.rules under '[system=10]':
> #        [...]
> #        add path 'pass*' mode 660 group XXX


However the instructions above do way more. They open _all_ pass through devices, not only those needed for the optical drives.

This is the reason why the Skunk Installer identifies the according cd<n> and pass<n> devices and opens up _only_ these.
However, these associations are likely to change when disks etc are being removed or added.

To avoid having all pass through devices open, it thus is necessary to run a /usr/local/etc/rc.d/ script that makes sure the mapping is _always_ correct for using k3b etc.
I only found one thread in the forums regarding this task, and the handbook doesn't help much there either.

It is a while ago I tried (unsuccessfully) to run a perl script via a rc script, and so I am asking for some hand-holding before I try anew.
The question now is how to write the rc script so it runs my perl script, which takes care of updating devfs.rules if necessary.
(Btw, please don't tell me to write a shell script instead. Because, one of the things I have no desire to learn in my life is writing shell scripts.)

```
!/bin/sh
#
# PROVIDE: fixpassthrough
# REQUIRE: ???
# KEYWORD: ???

. /etc/rc.subr
name="fixpassthrough"
rcvar=${name}_enable
fixpassthrough_enable=${fixpassthrough_enable-"NO"}
start_cmd="fixpassthrough_start"

fixpassthrough_start()
{
        echo "Starting fixpassthrough"
        PERL="env perl"
        ${PERL} /usr/local/bin/fixpassthrough
}

load_rc_config $name
run_rc_command "$1"
```
So my questions regarding this snippet above are:
- how make it successfully call the perl interpreter to run the fixpassthrough perl script?
- ideally, how make sure it runs before the devfs service gets started (so that the latter does not need to be restarted)


----------

