[mythtv-users] Sudoers fix for MythTV builtin commands requiring sudo systemctl

Stephen Worthington stephen_agent at jsw.gen.nz
Tue Apr 6 03:28:14 UTC 2021


On Sun, 14 Jul 2019 05:18:25 +1200, you wrote:

>In mythtv-setup and mythfrontend, there are commands to halt, power
>off and reboot the PC and to start and stop mythbackend.  Since the
>arrival of systemd, these commands as installed do not work or do not
>work correctly, since they now require the use of the systemctl
>command with sudo.  Having mythtv-setup unable to stop and start
>mythbackend causes a number of problems for people who think they have
>changed a setting but have only changed it in the database as
>mythbackend needs to be restarted before it will see the change.  This
>causes a lot of confusion.  And you can wind up with multiple copies
>of mythbackend running at the same time also.
>
>I have created what I hope is a good workaround for this problem on
>Ubuntu 18.04, and it should also work on Ubuntu 16.04.  It uses an
>entry in sudoers to allow a helper script to be run with sudo to
>execute the correct systemctl commands.
>
>Here is the /etc/sudoers.d/mythtv-systemctl-helper file:
>
>mythtv,%mythtv
>ALL=NOPASSWD:/home/mythtv/bin/mythtv-systemctl-helper.sh
>
>(all one line - my email client wraps long lines)
>
>And here is the /home/mythtv/bin/mythtv-systemctl-helper.sh file:
>
>#!/bin/bash
># Sudoers helper script for MythTV programs to be able to do necessary
>systemctl commands.
># Author: J S Worthington
># Version 1.0 2019-07-14
>
># Warning: For this script to work safely (without any security
>risks), it
># must be "chown root:mythtv" and "chmod ug=rx,o=".
>
>#set -x
>
>if [ "$1" == "" ]; then
>    exit 1
>fi
>
>if [ "$1" == "reboot" ] || [ "$1" == "poweroff" ] || [ "$1" == "halt"
>]; then
>
>    # Execute the systemctl aliased command.
>    $1
>
>elif [ "$1" == "start" ] || [ "$1" == "stop" ] || [ "$1" == "restart"
>] || [ "$1" == "status" ]; then
>
>    # Execute the command on the mythbackend service.
>    systemctl $1 mythtv-backend.service
>
>fi
>
>To install these two new files, run the following commands to download
>them from my web server:
>
>sudo su
>cd /home/mythtv/
>if [ ! -d bin ]; then
>	mkdir bin
>	chown mythtv:mythtv bin
>fi
>cd bin
>wget https://www.jsw.gen.nz/mythtv/mythtv-systemctl-helper.sh
>chown root:mythtv mythtv-systemctl-helper.sh
>chmod ug=rx,o= mythtv-systemctl-helper.sh
>cd /etc/sudoers.d
>wget https://www.jsw.gen.nz/mythtv/mythtv-systemctl-helper
>chown root:root mythtv-systemctl-helper
>chmod ug=r,o= mythtv-systemctl-helper
>exit
>
>Note that I am unable to test the above install script as it will only
>work from outside my network, so please let me know if there are any
>problems.
>
>Once the above install is done, you should be able to test it by
>running commands like this from your mythfrontend user:
>
>sudo /home/mythtv/bin/mythtv-systemctl-helper.sh stop
>
>That command should stop mythbackend, and it should not ask you for
>authentication as sudo normally does.
>
>If that works, then you need to make the following MythTV settings
>changes:
>
>mythtv-setup > 1. General > Shutdown/Wakeup Options > Server halt
>command:
>  sudo /home/mythtv/bin.mythtv-systemctl-helper.sh halt
>
>mythtv-setup > 1. General > Backend Control > Backend stop command:
>  sudo /home/mythtv/bin.mythtv-systemctl-helper.sh stop
>
>mythtv-setup > 1. General > Backend Control > Backend start command:
>  sudo /home/mythtv/bin.mythtv-systemctl-helper.sh start
>
>mythfrontend > Setup > General > Shutdown/Reboot Settings > Halt
>command:
>  sudo /home/mythtv/bin.mythtv-systemctl-helper.sh poweroff
>
>mythfrontend > Setup > General > Shutdown/Reboot Settings > Reboot
>command:
>  sudo /home/mythtv/bin.mythtv-systemctl-helper.sh reboot
>
>The mythfrontend commands are run locally on the frontend PC, so you
>have to install the files and do those two setups on each frontend as
>well as the backend PC.  I only have a combined frontend/backend box,
>so I have not tested with remote frontends.
>
>Please consider this to be beta software - I make no guarantees that
>it will work on your system, but it does work on mine and I would like
>to have some other people test it too.  And I am no expert on using
>sudoers, so it is possible that I have left a security hole.  Again,
>please let me know if you think I am doing something the wrong way.

It has just been pointed out that there is I made a nasty typo in the
above instructions, and then cut and pasted the same typo.  Wherever
there is "/home/mythtv/bin.mythtv-systemctl-helper.sh" it should
actually be "/home/mythtv/bin/mythtv-systemctl-helper.sh".  So it
should read:

mythtv-setup > 1. General > Shutdown/Wakeup Options > Server halt
command:
  sudo /home/mythtv/bin/mythtv-systemctl-helper.sh halt

mythtv-setup > 1. General > Backend Control > Backend stop command:
  sudo /home/mythtv/bin/mythtv-systemctl-helper.sh stop

mythtv-setup > 1. General > Backend Control > Backend start command:
  sudo /home/mythtv/bin/mythtv-systemctl-helper.sh start

mythfrontend > Setup > General > Shutdown/Reboot Settings > Halt
command:
  sudo /home/mythtv/bin/mythtv-systemctl-helper.sh poweroff

mythfrontend > Setup > General > Shutdown/Reboot Settings > Reboot
command:
  sudo /home/mythtv/bin/mythtv-systemctl-helper.sh reboot

Apologies to anyone who tried to follow those instructions as written.


More information about the mythtv-users mailing list