[mythtv-users] Powering off computer as non-root

Piers Kittel mythtv at biased.org
Tue Dec 27 20:59:41 EST 2005


Well, I don't have KDE or Gnome installed :)  Only Windowmaker and FVWM 
but they aren't used.  My .xinitrc just has a few "xset" lines in and 
the path to the mythfrontend binary itself and nothing else.  When I 
used FVWM as window manager it windowed the video playback which annoyed 
me - removing FVWM as window manager sorted it.

Look, no "windowmaker" or "fvwm" in ps aux:

piers at hinata:~$ ps aux
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  7.6  0.1  1492  504 ?        S    01:52   0:04 init [2] 

root         2  0.0  0.0     0    0 ?        S    01:52   0:00 [keventd]
root         3  0.0  0.0     0    0 ?        SN   01:52   0:00 
[ksoftirqd_CPU0]
root         4  0.0  0.0     0    0 ?        S    01:52   0:00 [kswapd]
root         5  0.0  0.0     0    0 ?        S    01:52   0:00 [bdflush]
root         6  0.0  0.0     0    0 ?        S    01:52   0:00 [kupdated]
root         8  0.2  0.0     0    0 ?        S    01:52   0:00 [rpciod]
root       318  0.0  0.0     0    0 ?        S    01:53   0:00 [khubd]
root       420  0.0  0.3  2360  864 ?        Ss   01:53   0:00 dhclient 
-e -pf /var/run/dhclient.eth0.pid -lf /var/run/dhclient.eth0.leases eth0
daemon     425  0.0  0.1  1608  448 ?        Ss   01:53   0:00 /sbin/portmap
root       586  0.0  0.3  2244  804 ?        Ss   01:53   0:00 /sbin/syslogd
root       589  0.0  0.2  1492  560 ?        Ss   01:53   0:00 /sbin/klogd
root       597  0.0  0.2  2220  724 ?        Ss   01:53   0:00 
/usr/sbin/inetd
root       605  0.0  0.6  3720 1552 ?        Ss   01:53   0:00 
/usr/sbin/sshd
daemon     613  0.0  0.2  1672  636 ?        Ss   01:53   0:00 /usr/sbin/atd
root       616  0.0  0.2  1748  724 ?        Ss   01:53   0:00 
/usr/sbin/cron
piers      622  0.0  0.4  2464 1152 vc/1     Ss+  01:53   0:00 /bin/sh 
/etc/init.d/mythfrontend_startup
root       623  0.0  0.1  1484  476 vc/2     Ss+  01:53   0:00 
/sbin/getty 38400 vc/2
piers      624  0.0  0.4  2472 1188 vc/1     S+   01:53   0:00 /bin/sh 
/usr/X11R6/bin/startx
piers      635  0.0  0.2  2360  636 vc/1     S+   01:53   0:00 xinit 
/home/piers/.xinitrc -- /usr/X11R6/lib/X11/xinit/xserverrc
root       636  7.0 11.0 38128 28268 ?       S<L  01:53   0:02 
/usr/bin/X11/X -dpi 100 -nolisten tcp
piers      640  0.0  0.4  2456 1144 vc/1     S    01:53   0:00 /bin/sh 
/home/piers/.xinitrc
piers      644 31.4 37.4 118848 96016 vc/1   S    01:53   0:09 
/usr/local/bin/mythfrontend
piers      647  0.0 37.4 118848 96016 vc/1   S    01:53   0:00 
/usr/local/bin/mythfrontend
piers      648  0.0 37.4 118848 96016 vc/1   S    01:53   0:00 
/usr/local/bin/mythfrontend
root       649  0.1  0.8  7176 2172 ?        Ss   01:53   0:00 sshd: 
piers [priv]
root       651  0.0  0.8  7176 2172 ?        S    01:53   0:00 sshd: 
piers [priv]
piers      655  0.0  0.8  7184 2240 ?        S    01:53   0:00 sshd: 
piers at pts/0
piers      656  0.1  0.6  2984 1648 pts/0    Ss   01:53   0:00 -bash
piers      665  0.0  0.3  2480  860 pts/0    R+   01:53   0:00 ps aux
piers at hinata:~$

But if I add in fvwm in my .xinitrc file, I get all the above again, but 
also the following line from ps aux:

piers      686  1.1  0.9  4924 2436 vc/1     S    01:55   0:00 /usr/bin/fvwm

But I don't need fvwm, so I remove it from my .xinitrc file.  Still 
works, and don't have the windowing problem.  Acutally it's probably 
fixable, but I don't strictly need a window manager.

Actually I think you can say "You're using Mythfrontend as a 
display/window manager"

It doesn't matter anyway, the frontend calls "halt" to power off as 
default - and I've added in so that sudo allows the user that runs the 
frontend to run halt without entering the password.  Works fine.  Sure, 
someone can log in as "piers" and call the halt command via sudo, but 
it's a dedicated frontend machine, who cares? ;)

Cheers - Piers

Jonathan Tidmore wrote:
> If you are using X, then you are still using a display manager whether 
> or not you have automatic login.  If you want to be able to shutdown 
> from mythfrontend, then you need to match you display manager with your 
> desktop manager.  i.e. kdm if using kde or gdm if using gnome.
> 
> KDE and Gnome tie into their display manager's admin access to shutdown 
> or restart the server.
> 
> So if you're using KDE, use KDM and then you can shutdown your server.
> 
> To use KDM edit /etc/sysconfig/desktop and add:
> 
> DISPLAYMANAGER="KDE"
> 
> 
> On 12/27/05, *Piers Kittel* < mythtv at biased.org 
> <mailto:mythtv at biased.org>> wrote:
> 
>     No display manager and not using KDE.
> 
>     When the computer boots up, it loads mythfrontend on its own.  No
>     log in
>     manager, nothing.  It's intended to be used only for a frontend in my
>     bedroom, so no big deal if someone hacked in and powered the frontend
>     off - very unlikely anyway.
> 
>     Hmm.  But then again, the files for the frontend is on the server
>     (diskless frontend using netboot you see) so the halt command is open to
>     all on the server....  best check that then!  Hmm, I seem to be able to
>     access halt via my server as a non-root user - not going to actually
>     invoke the command though!  Maybe best to move the halt command
>     somewhere else, rename it to something like "fluffy_teddies" - no-one'll
>     find it...?
> 
>     Cheers - Piers
> 
>     Jonathan Tidmore wrote:
>      > Are you using kde?  Which Display Manager are you using?  GDM,
>     KDM, XDM?
>      >
>      > chmod +s /sbin/halt is not a good idea.
>      >
>      > On 12/27/05, *R. Geoffrey Newbury* < newbury at mandamus.org
>     <mailto:newbury at mandamus.org>
>      > <mailto:newbury at mandamus.org <mailto:newbury at mandamus.org>>> wrote:
>      >
>      >     On Tue, 27 Dec 2005 01:58:15 +0000, Piers Kittel wrote:
>      >
>      >      >Hello all,
>      >      >
>      >      >Mythfrontend is set to turn off my computer using the
>     command "halt".
>      >      >Mythfrontend is run as an non-root user - in this case user
>      >     "piers" - so
>      >      >when I try to exit MythTV, and I select "Yes, exit and
>     shutdown" - it
>      >      >jsut says "Command not found".  Obviously this command
>     isn't available
>      >      >to non-root users.  So how do I enable the user "piers" to
>     be able to
>      >      >shut down the computer without opening up too many obvious
>      >     security holes?
>      >
>      >     put a copy of the program in /home/piers or /home/mythtv as
>      >     applicable and
>      >     chmod it so that user 'piers'  or 'mythtv' can execute it.
>      >
>      >     If user mythtv "owns" mythfrontend, then only mythtv and root
>     will
>      >     be able
>      >     to execute the shutdown.
>      >
>      >     Geoff
>      >
>      >     R. Geoffrey Newbury                          
>     newbury at mandamus.org <mailto:newbury at mandamus.org>
>      >     <mailto:newbury at mandamus.org <mailto:newbury at mandamus.org>>
>      >     Barrister and Solicitor                         Telephone:
>     905-271-9600
>      >     Mississauga,Ontario, Canada              Facsimile:  
>     905-271-1638
>      >
>      >     _______________________________________________
>      >     mythtv-users mailing list
>      >     mythtv-users at mythtv.org <mailto:mythtv-users at mythtv.org>
>     <mailto:mythtv-users at mythtv.org <mailto:mythtv-users at mythtv.org>>
>      >     http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
>     <http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users>
>      >
>      >
>      >
>      >
>      > --
>      > Jonathan Tidmore
>      >
>      >
>      >
>     ------------------------------------------------------------------------
>      >
>      > _______________________________________________
>      > mythtv-users mailing list
>      > mythtv-users at mythtv.org <mailto:mythtv-users at mythtv.org>
>      > http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
>     <http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users>
>     _______________________________________________
>     mythtv-users mailing list
>     mythtv-users at mythtv.org <mailto:mythtv-users at mythtv.org>
>     http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
> 
> 
> 
> 
> -- 
> Jonathan Tidmore
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users


More information about the mythtv-users mailing list