[mythtv-users] Fwd: Re: Fwd: Re: Mythfrontend freezing and VDPAU?
Greg Oliver
oliver.greg at gmail.com
Thu Mar 5 20:01:13 UTC 2020
Yes,
It is easy to make sudo not ask for a password. Figure out what group your
myth user is in:
`groups` - it is common to use 'wheel' or 'sudo' for groups that have sudo
access.
Whatever groupid is in use on *buntu, find the line in /etc/sudoers that
begins with:
%groupid
and change it to:
%wheel ALL=(ALL) NOPASSWD: ALL
On Thu, Mar 5, 2020 at 1:46 PM Allen Edwards <allen.p.edwards at gmail.com>
wrote:
>
>
> On Thu, Mar 5, 2020 at 11:03 AM Greg Oliver <oliver.greg at gmail.com> wrote:
>
>> On Thu, Mar 5, 2020 at 11:42 AM Allen Edwards <allen.p.edwards at gmail.com>
>> wrote:
>>
>>>
>>>
>>> On Thu, Mar 5, 2020 at 8:50 AM Stephen Worthington <
>>> stephen_agent at jsw.gen.nz> wrote:
>>>
>>>> On Thu, 5 Mar 2020 07:19:49 -0800, you wrote:
>>>>
>>>>
>>>> >Thank you for this. I have modified my killgui.sh file to add sudo
>>>> >
>>>> >
>>>> >#!/bin/bash
>>>> >while [ true ]; do
>>>> >    sudo systemctl isolate multi-user.target
>>>> >    if [ $? -eq 0 ]; then
>>>> >        sudo systemctl isolate graphical.target
>>>> >        exit 0
>>>> >    fi
>>>> >    sleep 1
>>>> >done
>>>> >
>>>> >I created a test file that will only run with root permissions and put
>>>> it
>>>> >in /etc/sudoers.d/ and changed the permissions and it runs.
>>>> >*chown root:mythtv*
>>>> >*chmod ug=rx,o=*
>>>> >
>>>> >My plan is to wait until I have a real lockup and run the file
>>>> manually.
>>>> >When that test is successful, I will modify* /home/dad/.mythtv/lircrc*
>>>> like
>>>> >this
>>>> >
>>>> >*config = /etc/sudoers.d/killgui.sh &*
>>>> >
>>>> >Hopefully I have this all correct. Please let me know if I screwed
>>>> >anything up :-)
>>>> >
>>>> >Allen
>>>>
>>>> Looks like you have things a bit back to front there. Either the
>>>> killgui.sh file needs to be run using sudo (and therefore needs an
>>>> sudoers.d entry to allow it to be run without a password), or
>>>> killgui.sh needs to call another file using sudo that can run
>>>> systemctl. Killgui.sh can not directly run things using sudo. And
>>>> the sudoers.d files are not executables - they are sudoer config files
>>>> that provide sudo permissions to the executables.
>>>>
>>>> So one way to do it would be to remove the sudo commands in killgui.sh
>>>> and run the whole of killgui.sh using sudo. Then it can run systemctl
>>>> directly without sudo.
>>>>
>>>> Then you need to work out what user things will be run from when you
>>>> run them from a button in lirc, and set up the sudoers.d file for
>>>> killgui to allow it to be run from that user without a password.
>>>> Running the whoami command from the killgui script and storing the
>>>> output of it to a file in /tmp should show the username. When that
>>>> logging is working, run it from a lirc button.
>>>>
>>>> So if killgui.sh is in /usr/local/bin and it will be run from user
>>>> lirc, then you would need a /etc/sudoers.d/killgui file that contains
>>>> something like this:
>>>>
>>>> lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh
>>>>
>>>> The /etc/sudoers.d/killgui file must be chown root:root and chmod
>>>> u=r,g=r or it will be ignored.
>>>>
>>>> The killgui.sh file needs to be run using sudo, so the command in the
>>>> lirc config file would be something like this:
>>>>
>>>> config = sudo /usr/local/bin/killgui.sh &
>>>>
>>>> To do it the other way around, you would replace the sudo systemctl
>>>> commands in killgui.sh with calls to a helper script. So
>>>> /usr/local/bin/killgui-helper.sh might look like this:
>>>>
>>>> #!/bin/bash
>>>>
>>>> if [ "$1" == "" ]; then
>>>>     # No target given.
>>>>     exit 1
>>>> elif [ "$1" == "graphical" ] || [ "$1" == "multi-user" ]; then
>>>>     # Execute systemctl isolate command on the specified target.
>>>>     systemctl isolate "$1.target"
>>>> else
>>>>     # Refuse any target other than the two allowed above.
>>>>     exit 2
>>>> fi
>>>>
>>>> and in killgui.sh you would replace "sudo systemctl isolate
>>>> graphical.target" with:
>>>>
>>>> sudo killgui-helper.sh graphical
>>>>
>>>> and you would have /etc/sudoers.d/killgui-helper with this:
>>>>
>>>> lirc ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>>>>
>>>> and the lirc config would be:
>>>>
>>>> config = /usr/local/bin/killgui.sh &
>>>>
>>>> The second way is more complicated (it takes two scripts), but easier
>>>> to use as you can run killgui.sh directly from any user specified in
>>>> the sudoers.d file without using sudo. So if you want to be able to
>>>> ssh into the MythTV box as user "dad", user "mythtv" or any user in
>>>> the "mythtv" group and run killgui.sh manually as well as via a lirc
>>>> button, your /etc/sudoers.d/killgui-helper file would look like this:
>>>>
>>>> lirc,dad,mythtv,%mythtv ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>>>>
>>>>
>>> I see now that my test was not good as I had already entered my password
>>> in previous testing so the system did not ask me again when I did the test
>>> and thus I thought I had it nailed. I just tried again and password was
>>> requested so obviously I had it screwed up as feared and as you have
>>> pointed out.
>>>
>>> There obviously is a lot to learn on this sudoers thing that I do not
>>> understand. I will try the things you have suggested and see if I can
>>> figure it out.
>>>
>>> I am not concerned about being able to run the file from multiple users
>>> as I can just have multiple copies of the file.
>>>
>>> One question just to clarify. If my file is called killgui.sh I think
>>> you are saying I would create a file
>>> */etc/sudoers.d/killgui*
>>> with this single line in it
>>> * lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh *
>>>
>>> This assumes I have figured out that the user is *lirc *as you
>>> suggested.
>>>
>>> I just want to verify that the file is called */etc/sudoers.d/killgui*
>>> and not */etc/sudoers.d/killgui.sh*
>>>
>>
>> I modify my sudoers file by creating an entry for me:
>>
>> ## Greg Specific
>> Cmnd_Alias GREG = /usr/bin/journalctl, /usr/sbin/reboot, /usr/sbin/shutdown, /usr/bin/dmesg, /bin/df, /usr/bin/sync, /usr/bin/htop, /usr/bin/top, /usr/bin/adb, /usr/bin/fastboot
>>
>> You get the idea - just put your specific commands (that will not ask for
>> a password) into the list.
>>
>> Then edit the wheel group (should be wheel on *buntu as well).
>>
>> ## Allows people in group wheel to run all commands
>> %wheel ALL=(ALL) ALL
>>
>> ## Same thing without a password
>> %wheel ALL=(ALL) NOPASSWD: GREG
>>
>> Then in your lircrc, run the script with sudo in front of it and take the
>> sudo entries out of the script (or add systemctl to your list of sudo
>> commands and leave as-is) - it's all personal preference at this point.
>>
>>
>>
>>> Thanks,
>>>
>>> Allen
>>>
>
> Are you saying that I can just add systemctl to a list somewhere and it
> won't ask for a password? This computer is an appliance with no users
> except myth and what I do to maintain it. If I could make it so sudo
> doesn't require a password I would. So making systemctl not require a
> password seems like a nice compromise. Could I then just run my script from
> anywhere and it would just run?
>
> So where do I put the command and what it is? Please be specific. I have
> used Linux since Red Hat 4 and used to run a web server in my back room but
> my knowledge is both limited and mostly out of date. I am a C, java, and
> php programmer (EE by training) but this system and shell stuff has me
> pretty lost. I really appreciate the help you all are giving me. Thank you.
>
> Allen
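The rules raised in this thread (the drop-in is named `killgui`, not `killgui.sh`, and must be root:root with u=r,g=r) can be checked mechanically, along with whether the script it unlocks is editable by anyone other than root. This is an added example, not code from any poster; it assumes GNU `stat`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: lint a sudoers.d drop-in and the script it unlocks.
# Assumes GNU stat (stat -c); function names are hypothetical.

# check_dropin FILE [UID:GID] -> 0 if FILE passes, else a code per problem.
# UID:GID defaults to 0:0 (root:root); the override is only for dry runs
# on a scratch copy without root.
check_dropin() {
    cd_file=$1
    cd_want=${2:-0:0}
    # sudo skips drop-ins whose name contains '.' or ends in '~'
    case ${cd_file##*/} in
        *.*|*~) return 2 ;;
    esac
    [ -f "$cd_file" ] || return 3
    # u=r,g=r, the mode given in the thread
    [ "$(stat -c '%a' "$cd_file")" = "440" ] || return 4
    [ "$(stat -c '%u:%g' "$cd_file")" = "$cd_want" ] || return 5
    return 0
}

# check_target SCRIPT [UID] -> 0 only if SCRIPT is owned by UID (default 0)
# and neither group nor other can write it. A NOPASSWD script that
# non-root users can edit lets them run anything as root.
check_target() {
    [ -f "$1" ] || return 3
    [ "$(stat -c '%u' "$1")" = "${2:-0}" ] || return 2
    case $(stat -c '%A' "$1") in       # e.g. -rwxr-x---
        ?????w*|????????w*) return 1 ;;
    esac
    return 0
}

# check_syntax FILE -> parse FILE with visudo without installing it.
check_syntax() {
    visudo -c -f "$1"
}
```

Run `check_syntax` on a scratch copy first, then copy the file into /etc/sudoers.d/ and run `check_dropin` and `check_target` on the installed paths.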