<div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace">Yes,</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">It is easy to make sudo not ask for a password. Figure out what group your myth user is in:</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">`groups` - it is common to use 'wheel' or 'sudo' for groups that have sudo access.</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">Whatever groupid is in use on *buntu, find the line in /etc/sudoers that begins with :</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">%groupid and change it to:</div><div class="gmail_default" style="font-family:monospace,monospace"><br></div><div class="gmail_default" style="font-family:monospace,monospace">%wheel ALL=(ALL) NOPASSWD: ALL<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 5, 2020 at 1:46 PM Allen Edwards <<a href="mailto:allen.p.edwards@gmail.com">allen.p.edwards@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 5, 2020 at 11:03 AM Greg Oliver <<a href="mailto:oliver.greg@gmail.com" target="_blank">oliver.greg@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><div style="font-family:monospace,monospace"><span style="font-family:Arial,Helvetica,sans-serif">On Thu, Mar 5, 
2020 at 11:42 AM Allen Edwards <<a href="mailto:allen.p.edwards@gmail.com" target="_blank">allen.p.edwards@gmail.com</a>> wrote:</span><br></div></div><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Mar 5, 2020 at 8:50 AM Stephen Worthington <<a href="mailto:stephen_agent@jsw.gen.nz" target="_blank">stephen_agent@jsw.gen.nz</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">On Thu, 5 Mar 2020 07:19:49 -0800, you wrote:<br>
<br>
<br>
>Thank you for this. I have modified my killgui.sh file to add sudo<br>
><br>
><br>
>#!/bin/bash<br>
>while [ true ]; do<br>
>    sudo systemctl isolate multi-user.target<br>
>    if [ $? -eq 0 ]; then<br>
>        sudo systemctl isolate graphical.target<br>
>        exit 0<br>
>    fi<br>
>    sleep 1<br>
>done<br>
><br>
>I created a test file that will only run with root permissions and put it<br>
>in /etc/sudoers.d/ and changed the permissions and it runs.<br>
>*chown root:mythtv*<br>
>*chmod ug=rx,o=*<br>
><br>
>My plan is to wait until I have a real lockup and run the file manually.<br>
>When that test is successful, I will modify* /home/dad/.mythtv/lircrc* like<br>
>this<br>
><br>
>*config = /etc/sudoers.d/killgui.sh &*<br>
><br>
>Hopefully I have this all correct. Please let me know if I screwed<br>
>anything up :-)<br>
><br>
>Allen<br>
<br>
Looks like you have things a bit back to front there. Either the<br>
killgui.sh file needs to be run using sudo (and therefore needs an<br>
sudoers.d entry to allow it to be run without a password), or<br>
killgui.sh needs to call another file using sudo that can run<br>
systemctl. Killgui.sh can not directly run things using sudo. And<br>
the sudoers.d files are not executables - they are sudoer config files<br>
that provide sudo permissions to the executables.<br>
<br>
So one way to do it would be to remove the sudo commands in killgui.sh<br>
and run the whole of killgui.sh using sudo. Then it can run systemctl<br>
directly without sudo.<br>
<br>
Then you need to work out what user things will be run from when you<br>
run them from a button in lirc, and set up the sudoers.d file for<br>
killgui to allow it to be run from that user without a password.<br>
Running the whoami command from the killgui script and storing the<br>
output of it to a file in /tmp should show the username. When that<br>
logging is working, run it from a lirc button.<br>
<br>
So if killgui.sh is in /usr/local/bin and it will be run from user<br>
lirc, then you would need a /etc/sudoers.d/killgui file that contains<br>
something like this:<br>
<br>
lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh<br>
<br>
The /etc/sudoers.d/killgui file must be chown root:root and chmod<br>
u=r,g=r or it will be ignored.<br>
<br>
The killgui.sh file needs to be run using sudo, so the command in the<br>
lirc config file would be something like this:<br>
<br>
config = sudo /usr/local/bin/killgui.sh &<br>
<br>
To do it the other way around, you would replace the sudo systemctl<br>
commands in killgui.sh with calls to a helper script. So<br>
/usr/local/bin/killgui-helper.sh might look like this:<br>
<br>
#!/bin/bash<br>
<br>
if [ "$1" == "" ]; then<br>
<br>
# No target given.<br>
exit 1<br>
<br>
elif [ "$1" == "graphical" ] || [ "$1" == "multi-user" ]; then<br>
<br>
# Execute systemctl isolate command on the specified target.<br>
systemctl isolate "$1.target"<br>
<br>
else<br>
<br>
# Any other argument is rejected.<br>
exit 2<br>
<br>
fi<br>
<br>
and in killgui.sh you would replace "sudo systemctl isolate<br>
graphical.target" with:<br>
<br>
sudo killgui-helper.sh graphical<br>
<br>
and you would have /etc/sudoers.d/killgui-helper with this:<br>
<br>
lirc ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh<br>
<br>
and the lirc config would be:<br>
<br>
config = /usr/local/bin/killgui.sh &<br>
<br>
The second way is more complicated (it takes two scripts), but easier<br>
to use as you can run killgui.sh directly from any user specified in<br>
the sudoers.d file without using sudo. So if you want to be able to<br>
ssh into the MythTV box as user "dad", user "mythtv" or any user in<br>
the "mythtv" group and run killgui.sh manually as well as via a lirc<br>
button, your /etc/sudoers.d/killgui-helper file would look like this:<br>
<br>
lirc,dad,mythtv,%mythtv ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh<br><br></blockquote><div><br></div><div>I see now that my test was not good as I had already entered my password in previous testing so the system did not ask me again when I did the test and thus I thought I had it nailed. I just tried again and password was requested so obviously I had it screwed up as feared and as you have pointed out.</div><div><br></div><div>There obviously is a lot to learn on this sudoers thing that I do not understand. I will try the things you have suggested and see if I can figure it out. </div><div><br></div><div>I am not concerned about being able to run the file from multiple users as I can just have multiple copies of the file. </div><div><br></div><div>One question just to clarify. If my file is called killgui.sh I think you are saying I would create a file<b> </b></div><div><b>/etc/sudoers.d/killgui</b></div><div>with this single line in it</div><div><b>
lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh </b><br></div><div><b><br></b></div><div>This assumes I have figured out that the user is <b>lirc </b>as you suggested.</div><div><br></div><div>I just want to verify that the file is called
<b>/etc/sudoers.d/killgui</b> and not
<b>/etc/sudoers.d/killgui.sh</b></div></div></div></blockquote><div><br></div><div><div style="font-family:monospace,monospace">I modify my sudoers file by creating an entry for me:</div><div style="font-family:monospace,monospace"><br></div>## Greg Specific<br><div style="font-family:monospace,monospace"><span style="font-family:Arial,Helvetica,sans-serif">Cmnd_Alias GREG = /usr/bin/journalctl, /usr/sbin/reboot, /usr/sbin/shutdown, /usr/bin/dmesg, /bin/df, /usr/bin/sync, /usr/bin/htop, /usr/bin/top, /usr/bin/adb, /usr/bin/fastboot</span></div><div style="font-family:monospace,monospace"><br></div><div style="font-family:monospace,monospace">You get the idea - just put your specific commands (that will not ask for a password) into the list.</div><div style="font-family:monospace,monospace"><br></div><div style="font-family:monospace,monospace">Then edit the wheel group (should be wheel on *buntu as well).</div><div style="font-family:monospace,monospace"><br></div>## Allows people in group wheel to run all commands<br>%wheel ALL=(ALL) ALL<br><br>## Same thing without a password<br>%wheel ALL=(ALL) NOPASSWD: GREG<br><div style="font-family:monospace,monospace"><br></div><div style="font-family:monospace,monospace">Then in your lircrc, run the script with sudo in front of it and take the sudo entries out of the script (or add systemctl to your list of sudo commands and leave as-is) - it's all personal preference at this point.</div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div>Thanks,</div><div><br></div><div>Allen</div></div></div>
</blockquote></div></div>
</blockquote><div><br></div><div> Are you saying that I can just add
systemctl to a list somewhere and it won't ask for a password? This computer is an appliance with no users except myth and what I do to maintain it. If I could make it so sudo doesn't require a password I would. So making
systemctl not require a password seems like a nice compromise. Could I then just run my script from anywhere and it would just run?</div><div><br></div><div>So where do I put the command and what it is? Please be specific. I have used Linux since Red Hat 4 and used to run a web server in my back room but my knowledge is both limited and mostly out of date. I am a C, java, and php programmer (EE by training) but this system and shell stuff has me pretty lost. I really appreciate the help you all are giving me. Thank you.</div><div><br></div><div>Allen</div></div></div>
_______________________________________________<br>
mythtv-users mailing list<br>
<a href="mailto:mythtv-users@mythtv.org" target="_blank">mythtv-users@mythtv.org</a><br>
<a href="http://lists.mythtv.org/mailman/listinfo/mythtv-users" rel="noreferrer" target="_blank">http://lists.mythtv.org/mailman/listinfo/mythtv-users</a><br>
<a href="http://wiki.mythtv.org/Mailing_List_etiquette" rel="noreferrer" target="_blank">http://wiki.mythtv.org/Mailing_List_etiquette</a><br>
MythTV Forums: <a href="https://forum.mythtv.org" rel="noreferrer" target="_blank">https://forum.mythtv.org</a><br>
</blockquote></div>
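<div>The checks discussed in this thread (the drop-in's file name, its ownership and mode, and how much each NOPASSWD rule grants) collected into a lint script. This is an added example, not part of any poster's message; it assumes GNU stat and find, and all function names are hypothetical:</div>

```shell
#!/bin/sh
# Added example (not from the thread): lint a sudoers.d drop-in.
# Assumes GNU stat/find (Linux). Function names are hypothetical.

# sudo's includedir skips file names containing '.' or ending in '~',
# so /etc/sudoers.d/killgui is read and /etc/sudoers.d/killgui.sh is not.
dropin_name_ok() {
    case "$(basename "$1")" in
        *.*|*~) return 1 ;;
    esac
    return 0
}

# The thread's requirement: chown root:root and chmod u=r,g=r (0440).
dropin_perms_ok() {
    [ "$(stat -c '%a %U:%G' "$1")" = "440 root:root" ]
}

# Print what each NOPASSWD rule grants, one item per line.
nopasswd_targets() {
    sed -n 's/^[^#]*NOPASSWD:[[:space:]]*//p' "$1" | tr ',' '\n' |
        awk 'NF { print $1 }'
}

# A NOPASSWD command that a non-root user can rewrite is as broad as
# NOPASSWD: ALL, so the target must be root-owned and not group/other writable.
target_locked_down() {
    [ -f "$1" ] && [ "$(stat -c '%U' "$1")" = "root" ] &&
        [ -z "$(find "$1" -maxdepth 0 -perm /022)" ]
}

# Print one finding per problem; print nothing when the drop-in is clean.
lint_dropin() {
    dropin_name_ok "$1"  || echo "name: sudo will skip $(basename "$1")"
    dropin_perms_ok "$1" || echo "perms: want 0440 root:root"
    nopasswd_targets "$1" | while read -r t; do
        case "$t" in
            ALL) echo "scope: NOPASSWD: ALL grants every command" ;;
            /*)  target_locked_down "$t" ||
                     echo "target: $t is missing or writable by non-root" ;;
            *)   echo "alias: review what $t expands to" ;;
        esac
    done
}

# Usage: lint_dropin /etc/sudoers.d/killgui
```

<div>Running <code>visudo -cf</code> on the drop-in before installing it catches syntax errors that this lint does not look for.</div>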