[mythtv-users] Re: running mythbackend as root (was: Mythweb says
I have 75 out of 72 Gigs used)
Joseph A. Caputo
jcaputo1 at comcast.net
Thu Feb 19 09:35:46 EST 2004
On Wednesday 18 February 2004 19:42, Axel Thimm wrote:
> On Wed, Feb 18, 2004 at 02:40:43PM -0800, Chris Petersen wrote:
> > > Why should mythbackend have to chuser itself? Just don't run it
> > > as root. There's no need to. If you have permissions problems
> > > you need to solve them. Running as root is not an advisable
> > > solution.
> >
> > well, last I remembered, people were having a number of problems
> > running myth under redhat as a non-root user, which is why Axel's
> > init.d script doesn't su the mythbackend execution like the debian
> > stuff apparently does.
>
> The problem is less a technical one, than one of setting
> policies. Under Red Hat/Fedora ceratin devices are expected to be
> owned by the current desktop user, i.e. ownership/modes get set at
> login time. See also console.perms(5).
>
> This means that in the default settings the currently logged in user
> gets ownership over the devices mythbackend uses. If mythbackend runs
> as an unpriviledged user it loses access to these devices (or has
> read only access).
>
> So either one lets the backend run as root or one can tune the
> permissions of /etc/security/console.perms. Doing the latter
> automatically from an rpm install looked too invasive (and
> maintainersome) for me, so feel free to switch to a mythtv user
> adapting this file as required.
>
> Debian has groups for solving this. So the current logged in user and
> mythtv have the same access rights, nobody can lock out the other,
> but both can steal resources (like switching channels from a non-myth
> app).
>
> It all boils down to policies, and who am I to change Red Hat's or
> Debian's policies ;)
>
> > I'm happy to do things either way - but having mythbackend START as
> > root, and then chuser itself would allow it to make sure that it
> > has the proper permissions (correcting as necessary) before it
> > turns itself into a lesser userid.
>
> You can chown the devices and start right as the mythtv user, if you
> are sure nobody will change the ownership/permission back (even
> implicitly by simply logging in).
Just one added note -- for some folks using the CLE HW decoder on some
of the Epia boards w/libddmpeg, you *do* need to run as root. That's
the only case I'm aware of, though, and the CLE support in Myth is not
being maintained anymore, anyway (well, at least, not by Isaac).
-JAC
More information about the mythtv-users
mailing list