[mythtv-users] Fwd: Re: Fwd: Re: Mythfrontend freezing and VDPAU?

Allen Edwards allen.p.edwards at gmail.com
Thu Mar 5 19:44:19 UTC 2020


On Thu, Mar 5, 2020 at 11:03 AM Greg Oliver <oliver.greg at gmail.com> wrote:

> On Thu, Mar 5, 2020 at 11:42 AM Allen Edwards <allen.p.edwards at gmail.com>
> wrote:
>
>>
>>
>> On Thu, Mar 5, 2020 at 8:50 AM Stephen Worthington <
>> stephen_agent at jsw.gen.nz> wrote:
>>
>>> On Thu, 5 Mar 2020 07:19:49 -0800, you wrote:
>>>
>>>
>>> >Thank you for this.  I have modified my killgui.sh file to add sudo
>>> >
>>> >
>>> >*#!/bin/bash         while [  true  ]; do                sudo systemctl
>>> >isolate multi-user.target                if [ $? -eq 0 ]; then
>>> >       sudo systemctl isolate graphical.target                     exit
>>> 0
>>> >              fi                sleep 1         done*
>>> >
>>> >I created a test file that will only run with root permissions and put
>>> it
>>> >in /etc/sudoers.d/ and changed the permissions and it runs.
>>> >*chown root:mythtv*
>>> >*chmod ug=rx,o=*
>>> >
>>> >My plan is to wait until I have a real lockup and run the file manually.
>>> >When that test is successful, I will modify* /home/dad/.mythtv/lircrc*
>>> like
>>> >this
>>> >
>>> >*config = /etc/sudoers.d/killgui.sh &*
>>> >
>>> >Hopefully I have this all correct.  Please let me know if I screwed
>>> >anything up :-)
>>> >
>>> >Allen
>>>
>>> Looks like you have things a bit back to front there.  Either the
>>> killgui.sh file needs to be run using sudo (and therefore needs an
>>> sudoers.d entry to allow it to be run without a password), or
>>> killgui.sh needs to call another file using sudo that can run
>>> systemctl.  Killgui.sh can not directly run things using sudo.  And
>>> the sudoers.d files are not executables - they are sudoer config files
>>> that provide sudo permissions to the executables.
>>>
>>> So one way to do it would be to remove the sudo commands in killgui.sh
>>> and run the whole of killgui.sh using sudo.  Then it can run systemctl
>>> directly without sudo.
>>>
>>> Then you need to work out what user things will be run from when you
>>> run them from a button in lirc, and set up the sudoers.d file for
>>> killgui to allow it to be run from that user without a password.
>>> Running the whoami command from the killgui script and storing the
>>> output of it to a file in /tmp should show the username.  When that
>>> logging is working, run it from a lirc button.
>>>
>>> So if killgui.sh is in /usr/local/bin and it will be run from user
>>> lirc, then you would need a /etc/sudoers.d/killgui file that contains
>>> something like this:
>>>
>>> lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh
>>>
>>> The /etc/sudoers.d/killgui file must be chown root:root and chmod
>>> u=r,g=r or it will be ignored.
>>>
>>> The killgui.sh file needs to be run using sudo, so the command in the
>>> lirc config file would be something like this:
>>>
>>> config = sudo /usr/local/bin/killgui.sh &
>>>
>>> To do it the other way around, you would replace the sudo systemctl
>>> commands in killgui.sh with calls to a helper script.  So
>>> /usr/local/bin/killgui-helper.sh might look like this:
>>>
>>> #!/bin/bash
>>>
>>> if [ "$1" == "" ]; then
>>>
>>>     exit 1
>>>
>>> elif [ "$1" == "graphical" || [ "$1" == "multi-user" ]; then
>>>
>>>     # Execute systemctl isolate command on the specified target.
>>>     systemctl isolate $1.target
>>>
>>> else
>>>
>>>     exit 2
>>>
>>> fi
>>>
>>> and in killgui.sh you would replace "sudo systemctl isolate
>>> graphical.target" with:
>>>
>>>   sudo killgui-helper.sh graphical
>>>
>>> and you would have /etc/sudoers.d/killgui-helper with this:
>>>
>>> lirc ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>>>
>>> and the lirc config would be:
>>>
>>> config = /usr/local/bin/killgui.sh &
>>>
>>> The second way is more complicated (it takes two scripts), but easier
>>> to use as you can run killgui.sh directly from any user specified in
>>> the sudoers.d file without using sudo.  So if you want to be able to
>>> ssh into the MythTV box as user "dad", user "mythtv" or any user in
>>> the "mythtv" group and run killgui.sh manually as well as via a lirc
>>> button, your /etc/sudoers.d/killgui-helper file would look like this:
>>>
>>> lirc,dad,mythtv,%mythtv ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>>>
>>>
>> I see now that my test was not good as I had already entered my password
>> in previous testing so the system did not ask me again when I did the test
>> and thus I thought I had it nailed. I just tried again and password was
>> requested so obviously I had it screwed up as feared and as you have
>> pointed out.
>>
>> There obviously is a lot to learn on this sudoers thing that I do not
>> understand. I will try the things you have suggested and see if I can
>> figure it out.
>>
>> I am not concerned about being able to run the file from multiple users
>> as I can just have multiple copies of the file.
>>
>> One question just to clarify. If my file is called  killgui.sh I think
>> you are saying I would create a file
>> */etc/sudoers.d/killgui*
>> with this single line in it
>> * lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh  *
>>
>> This assumes I have figured out that the user is *lirc *as you suggested.
>>
>> I just want to verify that the file is called  */etc/sudoers.d/killgui*
>> and not  */etc/sudoers.d/killgui.sh*
>>
>
> I modify my sudoers file by creating an entry for me:
>
> ## Greg Specific
> Cmnd_Alias GREG = /usr/bin/journalctl, /usr/sbin/reboot,
> /usr/sbin/shutdown, /usr/bin/dmesg, /bin/df, /usr/bin/sync, /usr/bin/htop,
> /usr/bin/top, /usr/bin/adb, /usr/bin/fastboot
>
> You get the idea - just put your specific commands (that will not as for a
> password) into the list.
>
> Then edit the wheel group (should be wheel on *buntu as well).
>
> ## Allows people in group wheel to run all commands
> %wheel  ALL=(ALL)       ALL
>
> ## Same thing without a password
> %wheel  ALL=(ALL)       NOPASSWD: GREG
>
> Then in your lircrc, run the script with sudo in front of it and take the
> sudo entries out of the script (or add systemctl to your list of sudo
> commands and leave as-is) - it's all personal preference at this point.
>
>
>
>> Thanks,
>>
>> Allen
>>
> _______________________________________________
>

 Are you saying that I can just add  systemctl to a list somewhere and it
won't ask for a password?  This computer is an appliance with no users
except myth and what I do to maintain it. If I could make it so sudo
doesn't require a password I would. So making  systemctl not require a
password seems like a nice compromise. Could I then just run my script from
anywhere and it would just run?

So where do I put the command and what it is? Please be specific. I have
used Linux since Red Hat 4 and used to run a web server in my back room but
my knowledge is both limited and mostly out of date. I am a C, java, and
php programmer (EE by training) but this system and shell stuff has me
pretty lost. I really appreciate the help you all are giving me. Thank you.

Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20200305/ce72cf13/attachment.htm>


More information about the mythtv-users mailing list