[mythtv-users] Fwd: Re: Fwd: Re: Mythfrontend freezing and VDPAU?

Thu Mar 5 16:49:54 UTC 2020

On Thu, 5 Mar 2020 07:19:49 -0800, you wrote:

>Thank you for this.  I have modified my killgui.sh file to add sudo
>
>
>*#!/bin/bash         while [  true  ]; do                sudo systemctl
>isolate multi-user.target                if [ $? -eq 0 ]; then
>       sudo systemctl isolate graphical.target                     exit 0
>              fi                sleep 1         done*
>
>I created a test file that will only run with root permissions and put it
>in /etc/sudoers.d/ and changed the permissions and it runs.
>*chown root:mythtv*
>*chmod ug=rx,o=*
>
>My plan is to wait until I have a real lockup and run the file manually.
>When that test is successful, I will modify* /home/dad/.mythtv/lircrc* like
>this
>
>*config = /etc/sudoers.d/killgui.sh &*
>
>Hopefully I have this all correct.  Please let me know if I screwed
>anything up :-)
>
>Allen

Looks like you have things a bit back to front there.  Either the
killgui.sh file needs to be run using sudo (and therefore needs an
sudoers.d entry to allow it to be run without a password), or
killgui.sh needs to call another file using sudo that can run
systemctl.  Killgui.sh can not directly run things using sudo.  And
the sudoers.d files are not executables - they are sudoer config files
that provide sudo permissions to the executables.

So one way to do it would be to remove the sudo commands in killgui.sh
and run the whole of killgui.sh using sudo.  Then it can run systemctl
directly without sudo.

Then you need to work out what user things will be run from when you
run them from a button in lirc, and set up the sudoers.d file for
killgui to allow it to be run from that user without a password.
Running the whoami command from the killgui script and storing the
output of it to a file in /tmp should show the username.  When that
logging is working, run it from a lirc button.

So if killgui.sh is in /usr/local/bin and it will be run from user
lirc, then you would need a /etc/sudoers.d/killgui file that contains
something like this:

lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh

The /etc/sudoers.d/killgui file must be chown root:root and chmod
u=r,g=r or it will be ignored.

The killgui.sh file needs to be run using sudo, so the command in the
lirc config file would be something like this:

config = sudo /usr/local/bin/killgui.sh &

To do it the other way around, you would replace the sudo systemctl
commands in killgui.sh with calls to a helper script.  So
/usr/local/bin/killgui-helper.sh might look like this:

#!/bin/bash

if [ "$1" == "" ]; then

    exit 1

elif [ "$1" == "graphical" || [ "$1" == "multi-user" ]; then

    # Execute systemctl isolate command on the specified target.
    systemctl isolate $1.target

else

    exit 2

fi

and in killgui.sh you would replace "sudo systemctl isolate
graphical.target" with:

  sudo killgui-helper.sh graphical

and you would have /etc/sudoers.d/killgui-helper with this:

lirc ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh

and the lirc config would be:

config = /usr/local/bin/killgui.sh &

The second way is more complicated (it takes two scripts), but easier
to use as you can run killgui.sh directly from any user specified in
the sudoers.d file without using sudo.  So if you want to be able to
ssh into the MythTV box as user "dad", user "mythtv" or any user in
the "mythtv" group and run killgui.sh manually as well as via a lirc
button, your /etc/sudoers.d/killgui-helper file would look like this:

lirc,dad,mythtv,%mythtv ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh