[ATrpms-devel] mythbackend running as root
Chris Rouch
chris.rouch at gmail.com
Thu Oct 19 09:19:40 CEST 2006
On 10/18/06, Axel Thimm <Axel.Thimm at atrpms.net> wrote:
> On Wed, Oct 18, 2006 at 05:10:34PM +0200, Chris Rouch wrote:
> > I've just noticed that mythbackend from atrpms runs as root.
> > /etc/init.d/mythbackend has this in it:
> >
> > # Does not work on Red Hat, do to to missing audio/video groups.
> > # cd $MYTHTV_HOME && daemon --user mythtv $binary $OPTIONS
> > cd $MYTHTV_HOME && daemon $binary $OPTIONS
> >
> > What exactly are the issues here with these groups? Is it a matter of
> > making /dev/dsp and /dev/video* group owned by audio and video
> > respectively, adding mythtv as a member of these groups and diddling
> > with /etc/security/console.perms to make sure that the group
> > ownership stays the same if anyone is logged in or not? Or is there
> > something else I'm missing?
>
> There are some recipes for dealing with console.perms. It was rather
> common some time ago, but was probably forgotten. Archives, google and
> mythtv docs/wiki/guides may have some good pointers on that.
>
> > If possible I'd like to *not* have mythbackend running as root if
> > there is an alternative.
>
> There is a thread on that on mythtv-users list (albeit under a
> misleading subject).
>
> Creating audio/video groups would be an option, that individual setups
> could follow, but it would break the general permission assumptions
> under Fedora/RH. You may think that this is no problem for a dedicated
> myth system (and you would be correct), but the packages are
> targeting general setups. E.g. installing mythtv packages shouldn't
> break your favourite window/audio manager.

I'd already come to the conclusion that the current packaging was
correct, because messing systematically with groups etc. would
probably break more than it fixes. But I figured if I made the changes
manually then I could deal with the consequences.

>
> There are also some drawbacks in running as non-root concerning kernel
> capabilities especially real-time scheduling and priorities. You would
> need a patched kernel for getting the same capabilities for a non-root
> user like root.

This I hadn't thought of. My mythbackend is also my general purpose
desktop PC, so this will occasionally be important.

>
> I'd like to work on adding the option to run as a "mythtv" user and
> improve "emulation" of doing so as well. Check the mentioned thread on
> mythtv-users for first details. But I would probably prefer to do so
> in SVN-head based mythtv packages to allow these changes to get some
> testing before going into production.
>
> BTW Isaac contacted me in private and approved to regularly publish
> svn-head based packages, it's just a matter of setting some
> autobuilder up.

This is in addition to the fixes rpms you're publishing regularly anyway.

> But all these are topics for atrpms-devel. Setting the Reply-To
> accordingly. ;=)

Which until a few minutes ago I wasn't subscribed to :-)

Regards,
Chris
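
A pre-flight check for the manual change discussed in this thread, added here as an example and not part of the original messages or the ATrpms packages: it decides from a device node's owner, group and mode whether a non-root mythtv user would get read/write access. The sample rows, the console owner "chris" in them and the script name check.sh are constructed; GNU stat is assumed for the live check.

```shell
#!/bin/sh
# Added example, not from the ATrpms packages: decide from owner, group and
# mode whether a non-root user gets read+write on a device node.

has_rw() { case $1 in 6|7) return 0 ;; *) return 1 ;; esac; }

# rw_via OWNER GROUP MODE USER "USER_GROUPS"
# Prints the class that grants rw (owner, group, other) or "none".
rw_via() {
    owner=$1; group=$2; mode="000$3"; user=$4; ugroups=$5
    perms=${mode#"${mode%???}"}          # last three octal digits
    o=${perms%??}; rest=${perms#?}; g=${rest%?}; t=${rest#?}
    # The kernel uses the first matching class only: owner, then group, then other.
    class=other; digit=$t
    if [ "$user" = "$owner" ]; then
        class=owner; digit=$o
    else
        for ug in $ugroups; do
            if [ "$ug" = "$group" ]; then class=group; digit=$g; break; fi
        done
    fi
    if has_rw "$digit"; then echo "$class"; else echo none; fi
}

# check_device USER PATH: same check against a live node (GNU stat assumed).
check_device() {
    if [ ! -e "$2" ]; then echo missing; return 0; fi
    set -- "$1" "$2" $(stat -c '%U %G %a' "$2")
    rw_via "$3" "$4" "$5" "$1" "$(id -Gn "$1")"
}

if [ $# -ge 2 ]; then
    # Real run: ./check.sh mythtv /dev/dsp /dev/video0
    u=$1; shift
    for dev in "$@"; do echo "$dev: $(check_device "$u" "$dev")"; done
else
    # Constructed samples: device, owner, group, mode, groups of "mythtv".
    while read -r dev own grp mod ugs; do
        echo "$dev: $(rw_via "$own" "$grp" "$mod" mythtv "$ugs")"
    done <<'EOF'
/dev/dsp root root 600 mythtv
/dev/dsp root audio 660 mythtv audio video
/dev/video0 chris video 660 mythtv audio video
/dev/video0 chris root 600 mythtv audio video
EOF
fi
```

The last sample row is the case the question about console.perms worries about: once the node is handed to the logged-in console user with mode 600 and no audio/video group, a backend started with daemon --user mythtv loses access. The check reads mode bits only and does not account for ACLs.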