[mythtv-users] Fwd: Re: Fwd: Re: Mythfrontend freezing and VDPAU?

Greg Oliver oliver.greg at gmail.com
Thu Mar 5 20:03:22 UTC 2020 

On Thu, Mar 5, 2020 at 2:01 PM Greg Oliver <oliver.greg at gmail.com> wrote:

> Yes,
>
> It is easy to make sudo not ask for a password.  Figure out what group
> your myth user is in:
>
> `groups` -  it is common to use 'wheel' or 'sudo' for groups that have
> sudo access.
>
> Whatever groupid is in use on *buntu, find the line in /etc/sudoers that
> begins with :
>
> %groupid and change it to:
>
> %wheel  ALL=(ALL)       NOPASSWD: ALL
>

Sorry for the top post and if not obvious, the %wheel above needs to match
the group in use by Ubuntu.



> On Thu, Mar 5, 2020 at 1:46 PM Allen Edwards <allen.p.edwards at gmail.com>
> wrote:
>
>>
>>
>> On Thu, Mar 5, 2020 at 11:03 AM Greg Oliver <oliver.greg at gmail.com>
>> wrote:
>>
>>> On Thu, Mar 5, 2020 at 11:42 AM Allen Edwards <allen.p.edwards at gmail.com>
>>> wrote:
>>>
>>>>
>>>>
>>>> On Thu, Mar 5, 2020 at 8:50 AM Stephen Worthington <
>>>> stephen_agent at jsw.gen.nz> wrote:
>>>>
>>>>> On Thu, 5 Mar 2020 07:19:49 -0800, you wrote:
>>>>>
>>>>>
>>>>> >Thank you for this.  I have modified my killgui.sh file to add sudo
>>>>> >
>>>>> >
>>>>> >*#!/bin/bash         while [  true  ]; do                sudo
>>>>> systemctl
>>>>> >isolate multi-user.target                if [ $? -eq 0 ]; then
>>>>> >       sudo systemctl isolate graphical.target
>>>>>  exit 0
>>>>> >              fi                sleep 1         done*
>>>>> >
>>>>> >I created a test file that will only run with root permissions and
>>>>> put it
>>>>> >in /etc/sudoers.d/ and changed the permissions and it runs.
>>>>> >*chown root:mythtv*
>>>>> >*chmod ug=rx,o=*
>>>>> >
>>>>> >My plan is to wait until I have a real lockup and run the file
>>>>> manually.
>>>>> >When that test is successful, I will modify*
>>>>> /home/dad/.mythtv/lircrc* like
>>>>> >this
>>>>> >
>>>>> >*config = /etc/sudoers.d/killgui.sh &*
>>>>> >
>>>>> >Hopefully I have this all correct.  Please let me know if I screwed
>>>>> >anything up :-)
>>>>> >
>>>>> >Allen
>>>>>
>>>>> Looks like you have things a bit back to front there.  Either the
>>>>> killgui.sh file needs to be run using sudo (and therefore needs an
>>>>> sudoers.d entry to allow it to be run without a password), or
>>>>> killgui.sh needs to call another file using sudo that can run
>>>>> systemctl.  Killgui.sh can not directly run things using sudo.  And
>>>>> the sudoers.d files are not executables - they are sudoer config files
>>>>> that provide sudo permissions to the executables.
>>>>>
>>>>> So one way to do it would be to remove the sudo commands in killgui.sh
>>>>> and run the whole of killgui.sh using sudo.  Then it can run systemctl
>>>>> directly without sudo.
>>>>>
>>>>> Then you need to work out what user things will be run from when you
>>>>> run them from a button in lirc, and set up the sudoers.d file for
>>>>> killgui to allow it to be run from that user without a password.
>>>>> Running the whoami command from the killgui script and storing the
>>>>> output of it to a file in /tmp should show the username.  When that
>>>>> logging is working, run it from a lirc button.
>>>>>
>>>>> So if killgui.sh is in /usr/local/bin and it will be run from user
>>>>> lirc, then you would need a /etc/sudoers.d/killgui file that contains
>>>>> something like this:
>>>>>
>>>>> lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh
>>>>>
>>>>> The /etc/sudoers.d/killgui file must be chown root:root and chmod
>>>>> u=r,g=r or it will be ignored.
>>>>>
>>>>> The killgui.sh file needs to be run using sudo, so the command in the
>>>>> lirc config file would be something like this:
>>>>>
>>>>> config = sudo /usr/local/bin/killgui.sh &
>>>>>
>>>>> To do it the other way around, you would replace the sudo systemctl
>>>>> commands in killgui.sh with calls to a helper script.  So
>>>>> /usr/local/bin/killgui-helper.sh might look like this:
>>>>>
>>>>> #!/bin/bash
>>>>>
>>>>> if [ "$1" == "" ]; then
>>>>>
>>>>>     exit 1
>>>>>
>>>>> elif [ "$1" == "graphical" || [ "$1" == "multi-user" ]; then
>>>>>
>>>>>     # Execute systemctl isolate command on the specified target.
>>>>>     systemctl isolate $1.target
>>>>>
>>>>> else
>>>>>
>>>>>     exit 2
>>>>>
>>>>> fi
>>>>>
>>>>> and in killgui.sh you would replace "sudo systemctl isolate
>>>>> graphical.target" with:
>>>>>
>>>>>   sudo killgui-helper.sh graphical
>>>>>
>>>>> and you would have /etc/sudoers.d/killgui-helper with this:
>>>>>
>>>>> lirc ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>>>>>
>>>>> and the lirc config would be:
>>>>>
>>>>> config = /usr/local/bin/killgui.sh &
>>>>>
>>>>> The second way is more complicated (it takes two scripts), but easier
>>>>> to use as you can run killgui.sh directly from any user specified in
>>>>> the sudoers.d file without using sudo.  So if you want to be able to
>>>>> ssh into the MythTV box as user "dad", user "mythtv" or any user in
>>>>> the "mythtv" group and run killgui.sh manually as well as via a lirc
>>>>> button, your /etc/sudoers.d/killgui-helper file would look like this:
>>>>>
>>>>> lirc,dad,mythtv,%mythtv ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>>>>>
>>>>>
>>>> I see now that my test was not good as I had already entered my
>>>> password in previous testing so the system did not ask me again when I did
>>>> the test and thus I thought I had it nailed. I just tried again and
>>>> password was requested so obviously I had it screwed up as feared and as
>>>> you have pointed out.
>>>>
>>>> There obviously is a lot to learn on this sudoers thing that I do not
>>>> understand. I will try the things you have suggested and see if I can
>>>> figure it out.
>>>>
>>>> I am not concerned about being able to run the file from multiple users
>>>> as I can just have multiple copies of the file.
>>>>
>>>> One question just to clarify. If my file is called  killgui.sh I think
>>>> you are saying I would create a file
>>>> */etc/sudoers.d/killgui*
>>>> with this single line in it
>>>> * lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh  *
>>>>
>>>> This assumes I have figured out that the user is *lirc *as you
>>>> suggested.
>>>>
>>>> I just want to verify that the file is called  */etc/sudoers.d/killgui*
>>>> and not  */etc/sudoers.d/killgui.sh*
>>>>
>>>
>>> I modify my sudoers file by creating an entry for me:
>>>
>>> ## Greg Specific
>>> Cmnd_Alias GREG = /usr/bin/journalctl, /usr/sbin/reboot,
>>> /usr/sbin/shutdown, /usr/bin/dmesg, /bin/df, /usr/bin/sync, /usr/bin/htop,
>>> /usr/bin/top, /usr/bin/adb, /usr/bin/fastboot
>>>
>>> You get the idea - just put your specific commands (that will not as for
>>> a password) into the list.
>>>
>>> Then edit the wheel group (should be wheel on *buntu as well).
>>>
>>> ## Allows people in group wheel to run all commands
>>> %wheel  ALL=(ALL)       ALL
>>>
>>> ## Same thing without a password
>>> %wheel  ALL=(ALL)       NOPASSWD: GREG
>>>
>>> Then in your lircrc, run the script with sudo in front of it and take
>>> the sudo entries out of the script (or add systemctl to your list of sudo
>>> commands and leave as-is) - it's all personal preference at this point.
>>>
>>>
>>>
>>>> Thanks,
>>>>
>>>> Allen
>>>>
>>> _______________________________________________
>>>
>>
>>  Are you saying that I can just add  systemctl to a list somewhere and it
>> won't ask for a password?  This computer is an appliance with no users
>> except myth and what I do to maintain it. If I could make it so sudo
>> doesn't require a password I would. So making  systemctl not require a
>> password seems like a nice compromise. Could I then just run my script from
>> anywhere and it would just run?
>>
>> So where do I put the command and what it is? Please be specific. I have
>> used Linux since Red Hat 4 and used to run a web server in my back room but
>> my knowledge is both limited and mostly out of date. I am a C, java, and
>> php programmer (EE by training) but this system and shell stuff has me
>> pretty lost. I really appreciate the help you all are giving me. Thank you.
>>
>> Allen
>> _______________________________________________
>> mythtv-users mailing list
>> mythtv-users at mythtv.org
>> http://lists.mythtv.org/mailman/listinfo/mythtv-users
>> http://wiki.mythtv.org/Mailing_List_etiquette
>> MythTV Forums: https://forum.mythtv.org
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20200305/45c62f90/attachment.htm>

More information about the mythtv-users mailing list