[mythtv-users] Fwd: Re: Fwd: Re: Mythfrontend freezing and VDPAU?

Allen Edwards allen.p.edwards at gmail.com
Thu Mar 5 17:40:12 UTC 2020 

On Thu, Mar 5, 2020 at 8:50 AM Stephen Worthington <stephen_agent at jsw.gen.nz>
wrote:

> On Thu, 5 Mar 2020 07:19:49 -0800, you wrote:
>
>
> >Thank you for this.  I have modified my killgui.sh file to add sudo
> >
> >
> >*#!/bin/bash         while [  true  ]; do                sudo systemctl
> >isolate multi-user.target                if [ $? -eq 0 ]; then
> >       sudo systemctl isolate graphical.target                     exit 0
> >              fi                sleep 1         done*
> >
> >I created a test file that will only run with root permissions and put it
> >in /etc/sudoers.d/ and changed the permissions and it runs.
> >*chown root:mythtv*
> >*chmod ug=rx,o=*
> >
> >My plan is to wait until I have a real lockup and run the file manually.
> >When that test is successful, I will modify* /home/dad/.mythtv/lircrc*
> like
> >this
> >
> >*config = /etc/sudoers.d/killgui.sh &*
> >
> >Hopefully I have this all correct.  Please let me know if I screwed
> >anything up :-)
> >
> >Allen
>
> Looks like you have things a bit back to front there.  Either the
> killgui.sh file needs to be run using sudo (and therefore needs an
> sudoers.d entry to allow it to be run without a password), or
> killgui.sh needs to call another file using sudo that can run
> systemctl.  Killgui.sh can not directly run things using sudo.  And
> the sudoers.d files are not executables - they are sudoer config files
> that provide sudo permissions to the executables.
>
> So one way to do it would be to remove the sudo commands in killgui.sh
> and run the whole of killgui.sh using sudo.  Then it can run systemctl
> directly without sudo.
>
> Then you need to work out what user things will be run from when you
> run them from a button in lirc, and set up the sudoers.d file for
> killgui to allow it to be run from that user without a password.
> Running the whoami command from the killgui script and storing the
> output of it to a file in /tmp should show the username.  When that
> logging is working, run it from a lirc button.
>
> So if killgui.sh is in /usr/local/bin and it will be run from user
> lirc, then you would need a /etc/sudoers.d/killgui file that contains
> something like this:
>
> lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh
>
> The /etc/sudoers.d/killgui file must be chown root:root and chmod
> u=r,g=r or it will be ignored.
>
> The killgui.sh file needs to be run using sudo, so the command in the
> lirc config file would be something like this:
>
> config = sudo /usr/local/bin/killgui.sh &
>
> To do it the other way around, you would replace the sudo systemctl
> commands in killgui.sh with calls to a helper script.  So
> /usr/local/bin/killgui-helper.sh might look like this:
>
> #!/bin/bash
>
> if [ "$1" == "" ]; then
>
>     exit 1
>
> elif [ "$1" == "graphical" || [ "$1" == "multi-user" ]; then
>
>     # Execute systemctl isolate command on the specified target.
>     systemctl isolate $1.target
>
> else
>
>     exit 2
>
> fi
>
> and in killgui.sh you would replace "sudo systemctl isolate
> graphical.target" with:
>
>   sudo killgui-helper.sh graphical
>
> and you would have /etc/sudoers.d/killgui-helper with this:
>
> lirc ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>
> and the lirc config would be:
>
> config = /usr/local/bin/killgui.sh &
>
> The second way is more complicated (it takes two scripts), but easier
> to use as you can run killgui.sh directly from any user specified in
> the sudoers.d file without using sudo.  So if you want to be able to
> ssh into the MythTV box as user "dad", user "mythtv" or any user in
> the "mythtv" group and run killgui.sh manually as well as via a lirc
> button, your /etc/sudoers.d/killgui-helper file would look like this:
>
> lirc,dad,mythtv,%mythtv ALL=NOPASSWD:/usr/local/bin/killgui-helper.sh
>
>
I see now that my test was not good as I had already entered my password in
previous testing so the system did not ask me again when I did the test and
thus I thought I had it nailed. I just tried again and password was
requested so obviously I had it screwed up as feared and as you have
pointed out.

There obviously is a lot to learn on this sudoers thing that I do not
understand. I will try the things you have suggested and see if I can
figure it out.

I am not concerned about being able to run the file from multiple users as
I can just have multiple copies of the file.

One question just to clarify. If my file is called  killgui.sh I think you
are saying I would create a file
*/etc/sudoers.d/killgui*
with this single line in it
* lirc ALL=NOPASSWD:/usr/local/bin/killgui.sh  *

This assumes I have figured out that the user is *lirc *as you suggested.

I just want to verify that the file is called  */etc/sudoers.d/killgui* and
not  */etc/sudoers.d/killgui.sh*

Thanks,

Allen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mythtv.org/pipermail/mythtv-users/attachments/20200305/c2f0bfb0/attachment.htm>

More information about the mythtv-users mailing list