[mythtv-users] mythfilldatabase autorun config file location error

Wed Oct 18 12:49:18 UTC 2006

On Tue, Oct 17, 2006 at 09:57:01PM -0400, Michael T. Dean wrote:
> On 10/17/06 20:42, Neil Sedger wrote:
> 
> >So as I see it the potential solutions are:
> >
> >a) Fix the 'missing audio/video groups' thing - is that possible to
> >do as part of a mythbackend rpm update? - and put the initscript back
> >to running mythbackend as 'mythtv'
> >  
> >
> Don't know.

The problem is that the existance/usage of these groups is a
distribution policy. Fedora choses to use console.perms and selinux
for managing access rights to the multimedia devices and having a
mythtv package change that will break other apps.

People have been using console.perms tricks to steal the needed
devices from the logged on user and assign them to mythtv, there will
be console.perms solutions on wiki, Jarod's guide or the archives, but
again this is against the typical expectations that these devices get
owned by the loggen on user.

IMHO a poor choice, but it needs to be changed upstream or in a true
derivative of the distrubution (e.g. a myth dedicated one like
mythdora). I can't have the packages do anything like that as all
packages are expected to have minimal intrusion on typical
Fedora/RHEL/other rpm systems.

But waht can be done is fixing the mentioned "homeless" issues and
offereing an option to start as root or the mythtv users, where the
latter is indeed turned on on user's discretion.

> >b) Add an option to myth 'run mythfillbackend as user:' 
> >  
> >
> That would require that either mythbackend is being run as a) root (who 
> has permissions to su/sudo/ksu to any user) or b) a user who has 
> permission to su/sudo/ksu to another user.  Having a non-functional 
> setting available for those who aren't running as root/are running 
> without permission to switch user would cause more harm than good (and 
> require a lot of mostly useless logic in the housekeeper to figure out 
> how to run mythfilldatabase).
> 
> And, for this to even do any good, mythbackend would have to start a 
> login shell (i.e. "bash -l") in which to execute mythfilldatabase to 
> ensure that the HOME environment variable is set.

I also don't think that it makes sense to start placing setuids in
mythbackend.

> >c) Enhance the RH initscript to setup root's (or mythtv's, even
> >though it is running as root?) environment before launching
> >mythbackend. 

That's probably more a bug fixing than an enhanchment. :)

I think the plan (for the packages, there is no upstream issue
anywhere) should be to

a) make running mythbackend as root/mythtv a user configurable option

b) if it is run as root due to device permissions/kernel capabilities
   issues then it should emulate being the mythtv user, e.g. set a home
   of ~mythtv and also try to chown files to the mythtv user.

The latter may need use of default acls on dirs and perhaps some
intermediate root-owned files will be unavoidable. But at least that
should be the bird's view.

BTW this is both independent of the packaging system used as well as
the distribution. Perhaps the outcome should be documented in the wiki
and the methods shared between distributions.
-- 
Axel.Thimm at ATrpms.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mythtv.org/pipermail/mythtv-users/attachments/20061018/0fe8c092/attachment.pgp 