[mythtv-users] Powering off computer as non-root
Piers Kittel
mythtv at biased.org
Tue Dec 27 20:59:41 EST 2005
Well, I don't have KDE or Gnome installed :) Only Windowmaker and FVWM
but they aren't used. My .xinitrc just has a few "xset" lines in and
the path to the mythfrontend binary itself and nothing else. When I
used FVWM as window manager it windowed the video playback which annoyed
me - removing FVWM as window manager sorted it.
Look, no "windowmaker" or "fvwm" in ps aux:
piers at hinata:~$ ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 7.6 0.1 1492 504 ? S 01:52 0:04 init [2]
root 2 0.0 0.0 0 0 ? S 01:52 0:00 [keventd]
root 3 0.0 0.0 0 0 ? SN 01:52 0:00
[ksoftirqd_CPU0]
root 4 0.0 0.0 0 0 ? S 01:52 0:00 [kswapd]
root 5 0.0 0.0 0 0 ? S 01:52 0:00 [bdflush]
root 6 0.0 0.0 0 0 ? S 01:52 0:00 [kupdated]
root 8 0.2 0.0 0 0 ? S 01:52 0:00 [rpciod]
root 318 0.0 0.0 0 0 ? S 01:53 0:00 [khubd]
root 420 0.0 0.3 2360 864 ? Ss 01:53 0:00 dhclient
-e -pf /var/run/dhclient.eth0.pid -lf /var/run/dhclient.eth0.leases eth0
daemon 425 0.0 0.1 1608 448 ? Ss 01:53 0:00 /sbin/portmap
root 586 0.0 0.3 2244 804 ? Ss 01:53 0:00 /sbin/syslogd
root 589 0.0 0.2 1492 560 ? Ss 01:53 0:00 /sbin/klogd
root 597 0.0 0.2 2220 724 ? Ss 01:53 0:00
/usr/sbin/inetd
root 605 0.0 0.6 3720 1552 ? Ss 01:53 0:00
/usr/sbin/sshd
daemon 613 0.0 0.2 1672 636 ? Ss 01:53 0:00 /usr/sbin/atd
root 616 0.0 0.2 1748 724 ? Ss 01:53 0:00
/usr/sbin/cron
piers 622 0.0 0.4 2464 1152 vc/1 Ss+ 01:53 0:00 /bin/sh
/etc/init.d/mythfrontend_startup
root 623 0.0 0.1 1484 476 vc/2 Ss+ 01:53 0:00
/sbin/getty 38400 vc/2
piers 624 0.0 0.4 2472 1188 vc/1 S+ 01:53 0:00 /bin/sh
/usr/X11R6/bin/startx
piers 635 0.0 0.2 2360 636 vc/1 S+ 01:53 0:00 xinit
/home/piers/.xinitrc -- /usr/X11R6/lib/X11/xinit/xserverrc
root 636 7.0 11.0 38128 28268 ? S<L 01:53 0:02
/usr/bin/X11/X -dpi 100 -nolisten tcp
piers 640 0.0 0.4 2456 1144 vc/1 S 01:53 0:00 /bin/sh
/home/piers/.xinitrc
piers 644 31.4 37.4 118848 96016 vc/1 S 01:53 0:09
/usr/local/bin/mythfrontend
piers 647 0.0 37.4 118848 96016 vc/1 S 01:53 0:00
/usr/local/bin/mythfrontend
piers 648 0.0 37.4 118848 96016 vc/1 S 01:53 0:00
/usr/local/bin/mythfrontend
root 649 0.1 0.8 7176 2172 ? Ss 01:53 0:00 sshd:
piers [priv]
root 651 0.0 0.8 7176 2172 ? S 01:53 0:00 sshd:
piers [priv]
piers 655 0.0 0.8 7184 2240 ? S 01:53 0:00 sshd:
piers at pts/0
piers 656 0.1 0.6 2984 1648 pts/0 Ss 01:53 0:00 -bash
piers 665 0.0 0.3 2480 860 pts/0 R+ 01:53 0:00 ps aux
piers at hinata:~$
But if I add in fvwm in my .xinitrc file, I get all the above again, but
also the following line from ps aux:
piers 686 1.1 0.9 4924 2436 vc/1 S 01:55 0:00 /usr/bin/fvwm
But I don't need fvwm, so I remove it from my .xinitrc file. Still
works, and don't have the windowing problem. Acutally it's probably
fixable, but I don't strictly need a window manager.
Actually I think you can say "You're using Mythfrontend as a
display/window manager"
It doesn't matter anyway, the frontend calls "halt" to power off as
default - and I've added in so that sudo allows the user that runs the
frontend to run halt without entering the password. Works fine. Sure,
someone can log in as "piers" and call the halt command via sudo, but
it's a dedicated frontend machine, who cares? ;)
Cheers - Piers
Jonathan Tidmore wrote:
> If you are using X, then you are still using a display manager whether
> or not you have automatic login. If you want to be able to shutdown
> from mythfrontend, then you need to match you display manager with your
> desktop manager. i.e. kdm if using kde or gdm if using gnome.
>
> KDE and Gnome tie into their display manager's admin access to shutdown
> or restart the server.
>
> So if you're using KDE, use KDM and then you can shutdown your server.
>
> To use KDM edit /etc/sysconfig/desktop and add:
>
> DISPLAYMANAGER="KDE"
>
>
> On 12/27/05, *Piers Kittel* < mythtv at biased.org
> <mailto:mythtv at biased.org>> wrote:
>
> No display manager and not using KDE.
>
> When the computer boots up, it loads mythfrontend on its own. No
> log in
> manager, nothing. It's intended to be used only for a frontend in my
> bedroom, so no big deal if someone hacked in and powered the frontend
> off - very unlikely anyway.
>
> Hmm. But then again, the files for the frontend is on the server
> (diskless frontend using netboot you see) so the halt command is open to
> all on the server.... best check that then! Hmm, I seem to be able to
> access halt via my server as a non-root user - not going to actually
> invoke the command though! Maybe best to move the halt command
> somewhere else, rename it to something like "fluffy_teddies" - no-one'll
> find it...?
>
> Cheers - Piers
>
> Jonathan Tidmore wrote:
> > Are you using kde? Which Display Manager are you using? GDM,
> KDM, XDM?
> >
> > chmod +s /sbin/halt is not a good idea.
> >
> > On 12/27/05, *R. Geoffrey Newbury* < newbury at mandamus.org
> <mailto:newbury at mandamus.org>
> > <mailto:newbury at mandamus.org <mailto:newbury at mandamus.org>>> wrote:
> >
> > On Tue, 27 Dec 2005 01:58:15 +0000, Piers Kittel wrote:
> >
> > >Hello all,
> > >
> > >Mythfrontend is set to turn off my computer using the
> command "halt".
> > >Mythfrontend is run as an non-root user - in this case user
> > "piers" - so
> > >when I try to exit MythTV, and I select "Yes, exit and
> shutdown" - it
> > >jsut says "Command not found". Obviously this command
> isn't available
> > >to non-root users. So how do I enable the user "piers" to
> be able to
> > >shut down the computer without opening up too many obvious
> > security holes?
> >
> > put a copy of the program in /home/piers or /home/mythtv as
> > applicable and
> > chmod it so that user 'piers' or 'mythtv' can execute it.
> >
> > If user mythtv "owns" mythfrontend, then only mythtv and root
> will
> > be able
> > to execute the shutdown.
> >
> > Geoff
> >
> > R. Geoffrey Newbury
> newbury at mandamus.org <mailto:newbury at mandamus.org>
> > <mailto:newbury at mandamus.org <mailto:newbury at mandamus.org>>
> > Barrister and Solicitor Telephone:
> 905-271-9600
> > Mississauga,Ontario, Canada Facsimile:
> 905-271-1638
> >
> > _______________________________________________
> > mythtv-users mailing list
> > mythtv-users at mythtv.org <mailto:mythtv-users at mythtv.org>
> <mailto:mythtv-users at mythtv.org <mailto:mythtv-users at mythtv.org>>
> > http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
> <http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users>
> >
> >
> >
> >
> > --
> > Jonathan Tidmore
> >
> >
> >
> ------------------------------------------------------------------------
> >
> > _______________________________________________
> > mythtv-users mailing list
> > mythtv-users at mythtv.org <mailto:mythtv-users at mythtv.org>
> > http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
> <http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users>
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org <mailto:mythtv-users at mythtv.org>
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
>
>
>
>
> --
> Jonathan Tidmore
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> mythtv-users mailing list
> mythtv-users at mythtv.org
> http://mythtv.org/cgi-bin/mailman/listinfo/mythtv-users
More information about the mythtv-users
mailing list