[mythtv-users] Fwd: Re: Fwd: Re: Mythfrontend freezing and VDPAU?
Allen Edwards
allen.p.edwards at gmail.com
Fri Mar 6 06:56:09 UTC 2020
>
> As long as lirc is not switching users when it runs things, then there
> should be no need to use sudoers! Arrgh! I would still want to test
> it by getting lirc to run a script that runs whoami though. It is
> possible for a program to run things as a different user with lesser
> permissions. That is a fairly common trick for daemons that are run
> as root.
>
> Lircd is run from systemd. To find its status:
>
> sudo systemctl status lircd
>
> ? lircd.service - Flexible IR remote input/output application support
> Loaded: loaded (/lib/systemd/system/lircd.service; enabled; vendor
> preset: enabled)
> Active: active (running) since Wed 2020-02-19 05:09:37 NZDT; 2
> weeks 2 days ago
> Docs: man:lircd(8)
> http://lirc.org/html/configure.html
> Main PID: 2345 (lircd)
> Tasks: 2 (limit: 4915)
> CGroup: /system.slice/lircd.service
> +-2345 /usr/sbin/lircd --nodaemon
>
> Mar 02 06:45:04 mypvr lircd[2345]: lircd-0.10.0[2345]: Notice:
> accepted new client on /var/run/lirc/lircd
> Mar 02 06:45:04 mypvr lircd[2345]: lircd-0.10.0[2345]: Info:
> initializing '/dev/input/event12'
> Mar 02 06:45:04 mypvr lircd[2345]: lircd-0.10.0[2345]: Info: Using
> device: /dev/input/event12
> Mar 02 06:45:04 mypvr lircd-0.10.0[2345]: Notice: accepted new client
> on /var/run/lirc/lircd
> Mar 02 06:45:04 mypvr lircd-0.10.0[2345]: Info: initializing
> '/dev/input/event12'
> Mar 02 06:45:04 mypvr lircd-0.10.0[2345]: Info: Using device:
> /dev/input/event12
> Mar 02 06:46:04 mypvr lircd[2345]: lircd-0.10.0[2345]: Notice:
> accepted new client on /var/run/lirc/lircd
> Mar 02 06:46:04 mypvr lircd-0.10.0[2345]: Notice: accepted new client
> on /var/run/lirc/lircd
> Mar 02 06:46:30 mypvr lircd[2345]: lircd-0.10.0[2345]: Info: removed
> client
> Mar 02 06:46:30 mypvr lircd-0.10.0[2345]: Info: removed client
>
> and to see its control files:
>
> sudo systemctl cat lircd
>
> # /lib/systemd/system/lircd.service
> [Unit]
> Documentation=man:lircd(8)
> Documentation=http://lirc.org/html/configure.html
> Description=Flexible IR remote input/output application support
> Wants=lircd-setup.service
> After=network.target lircd-setup.service
>
> [Service]
> Type=simple
> ExecStart=/usr/sbin/lircd --nodaemon
> ; User=lirc
> ; Group=lirc
>
> ; Hardening opts, see systemd.exec(5). Doesn't add much unless
> ; not running as root.
> ;
> ; # Required for dropping privileges in --effective-user.
> ; CapabilityBoundingSet=CAP_SETEUID
> ; MemoryDenyWriteExecute=true
> ; NoNewPrivileges=true
> ; PrivateTmp=true
> ; ProtectHome=true
> ; ProtectSystem=full
>
> [Install]
> WantedBy=multi-user.target
>
> As you can see above, the User= and Group= lines are commented out, so
> it runs as root. I think it used to run as lirc in the past, but it
> looks like it now runs as root since the update to the new version of
> lirc.
> _______________________________________________
>
>
Mama, the moderator ate my reply. Here it is again with a bit of trimming.
Another example of my system being old school. As I said, I run lircd from
rc.local so things are different.
This doesn't mean it is right, but it is how HDHomerun did it when I built
my Mythbuntu-8 system and that is what I just kept doing when I did the
rebuild last year.
* dad at NewMyth:~$ sudo systemctl status lircd*
*● lircd.service Loaded: not-found (Reason: No such file or directory)
Active: inactive (dead)*
I have some experimenting to do but it looks like it is likely that this
will be easier than what we had been discussing.
Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20200305/03123377/attachment-0001.htm>
More information about the mythtv-users
mailing list