[mythtv-users] Fwd: Re: Fwd: Re: Mythfrontend freezing and VDPAU?

Greg Oliver oliver.greg at gmail.com
Thu Mar 5 19:03:00 UTC 2020


On Thu, Mar 5, 2020 at 11:42 AM Allen Edwards <allen.p.edwards at gmail.com>
wrote:

>
>
> On Thu, Mar 5, 2020 at 8:50 AM Stephen Worthington <
> stephen_agent at jsw.gen.nz> wrote:
>
>> On Thu, 5 Mar 2020 07:19:49 -0800, you wrote:
>>
>>
>> >Thank you for this.  I have modified my killgui.sh file to add sudo
>> >
>> >
>> >#!/bin/bash
>> >while [ true ]; do
>> >    sudo systemctl isolate multi-user.target
>> >    if [ $? -eq 0 ]; then
>> >        sudo systemctl isolate graphical.target
>> >        exit 0
>> >    fi
>> >    sleep 1
>> >done
>> >
>> >I created a test file that will only run with root permissions and put it
>> >in /etc/sudoers.d/ and changed the permissions and it runs.
>> >chown root:mythtv
>> >chmod ug=rx,o=
>> >
>> >My plan is to wait until I have a real lockup and run the file manually.
>> >When that test is successful, I will modify /home/dad/.mythtv/lircrc like
>> >this
>> >
>> >config = /etc/sudoers.d/killgui.sh &
>> >
>> >Hopefully I have this all correct.  Please let me know if I screwed
>> >anything up :-)
>> >
>> >Allen
>>
>> Looks like you have things a bit back to front there.  Either the
>> killgui.sh file needs to be run using sudo (and therefore needs an
>> sudoers.d entry to allow it to be run without a password), or
>> killgui.sh needs to call another file using sudo that can run
>> systemctl.  Killgui.sh can not directly run things using sudo.  And
>> the sudoers.d files are not executables - they are sudoer config files
>> that provide sudo permissions to the executables.
>>
>> So one way to do it would be to remove the sudo commands in killgui.sh
>> and run the whole of killgui.sh using sudo.  Then it can run systemctl
>> directly without sudo.
>>
>> Then you need to work out what user things will be run from when you
>> run them from a button in lirc, and set up the sudoers.d file for
>> killgui to allow it to be run from that user without a password.
>> Running the whoami command from the killgui script and storing the
>> output of it to a file in /tmp should show the username.  When that
>> logging is working, run it from a lirc button.
>>
>> So if killgui.sh is in /usr/local/bin and it will be run from user
>> lirc, then you would need a /etc/sudoers.d/killgui file that contains
>> something like this:
>>
>> lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh
>>
>> The /etc/sudoers.d/killgui file must be chown root:root and chmod
>> u=r,g=r or it will be ignored.
>>
>> The killgui.sh file needs to be run using sudo, so the command in the
>> lirc config file would be something like this:
>>
>> config = sudo /usr/local/bin/killgui.sh &
>>
>> To do it the other way around, you would replace the sudo systemctl
>> commands in killgui.sh with calls to a helper script.  So
>> /usr/local/bin/killgui-helper.sh might look like this:
>>
>> #!/bin/bash
>>
>> if [ "$1" == "" ]; then
>>
>>     exit 1
>>
>> elif [ "$1" == "graphical" ] || [ "$1" == "multi-user" ]; then
>>
>>     # Execute systemctl isolate command on the specified target.
>>     systemctl isolate "$1.target"
>>
>> else
>>
>>     exit 2
>>
>> fi
>>
>> and in killgui.sh you would replace "sudo systemctl isolate
>> graphical.target" with:
>>
>>   sudo killgui-helper.sh graphical
>>
>> and you would have /etc/sudoers.d/killgui-helper with this:
>>
>> lirc ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>>
>> and the lirc config would be:
>>
>> config = /usr/local/bin/killgui.sh &
>>
>> The second way is more complicated (it takes two scripts), but easier
>> to use as you can run killgui.sh directly from any user specified in
>> the sudoers.d file without using sudo.  So if you want to be able to
>> ssh into the MythTV box as user "dad", user "mythtv" or any user in
>> the "mythtv" group and run killgui.sh manually as well as via a lirc
>> button, your /etc/sudoers.d/killgui-helper file would look like this:
>>
>> lirc,dad,mythtv,%mythtv ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>>
>>
> I see now that my test was not good as I had already entered my password
> in previous testing so the system did not ask me again when I did the test
> and thus I thought I had it nailed. I just tried again and password was
> requested so obviously I had it screwed up as feared and as you have
> pointed out.
>
> There obviously is a lot to learn on this sudoers thing that I do not
> understand. I will try the things you have suggested and see if I can
> figure it out.
>
> I am not concerned about being able to run the file from multiple users as
> I can just have multiple copies of the file.
>
> One question just to clarify. If my file is called killgui.sh I think you
> are saying I would create a file
> /etc/sudoers.d/killgui
> with this single line in it
> lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh
>
> This assumes I have figured out that the user is lirc as you suggested.
>
> I just want to verify that the file is called /etc/sudoers.d/killgui
> and not /etc/sudoers.d/killgui.sh
>

I modify my sudoers file by creating an entry for me:

## Greg Specific
Cmnd_Alias GREG = /usr/bin/journalctl, /usr/sbin/reboot, \
    /usr/sbin/shutdown, /usr/bin/dmesg, /bin/df, /usr/bin/sync, /usr/bin/htop, \
    /usr/bin/top, /usr/bin/adb, /usr/bin/fastboot

You get the idea - just put your specific commands (that will not ask for a
password) into the list.

Then edit the wheel group (should be wheel on *buntu as well).

## Allows people in group wheel to run all commands
%wheel  ALL=(ALL)       ALL

## Same thing without a password
%wheel  ALL=(ALL)       NOPASSWD: GREG

Then in your lircrc, run the script with sudo in front of it and take the
sudo entries out of the script (or add systemctl to your list of sudo
commands and leave as-is) - it's all personal preference at this point.



> Thanks,
>
> Allen
>
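
Added example, not written by any of the posters in this thread: a POSIX shell check for the two things the discussion turns on, whether a drop-in under /etc/sudoers.d will actually be read by sudo, and whether the script it grants NOPASSWD for can be modified by anyone other than its owner. The function names and the owner-override argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: lint a sudoers.d drop-in and the commands it grants.
# The owner defaults to root; the override (2nd argument) exists only so
# the checks can be exercised on constructed files without being root.

# True if find(1) matches file $1 against test "$2 $3" (portable stat).
has() { [ -n "$(find "$1" -prune "$2" "$3" 2>/dev/null)" ]; }

check_dropin() {
    dropin=$1 owner=${2:-root} rc=0
    name=$(basename "$dropin")
    # sudo's includedir skips file names containing '.' or ending in '~',
    # so "killgui" is read and "killgui.sh" is silently ignored.
    case $name in
        *.*|*~) echo "FAIL: $name would be skipped by includedir"; rc=1 ;;
    esac
    has "$dropin" -user "$owner" || { echo "FAIL: $dropin not owned by $owner"; rc=1; }
    has "$dropin" -perm 440      || { echo "FAIL: $dropin mode is not 0440"; rc=1; }
    # Each NOPASSWD command must be a file only its owner can modify;
    # a script the calling user can edit turns the grant into full root.
    for cmd in $(sed -n 's/^[^#]*NOPASSWD:[[:space:]]*//p' "$dropin" | tr ',' ' '); do
        case $cmd in /*) ;; *) continue ;; esac   # aliases are not resolved
        [ -f "$cmd" ] || { echo "FAIL: $cmd missing"; rc=1; continue; }
        has "$cmd" -user "$owner" || { echo "FAIL: $cmd not owned by $owner"; rc=1; }
        if has "$cmd" -perm -020 || has "$cmd" -perm -002; then
            echo "FAIL: $cmd is group- or world-writable"; rc=1
        fi
    done
    return $rc
}
```

On a real system call it as `check_dropin /etc/sudoers.d/killgui`, and run `visudo -cf` on the same file to catch syntax errors before sudo reads it.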