[mythtv-users] mythfilldatabase autorun config file location error

Michael T. Dean mtdean at thirdcontact.com
Wed Oct 18 01:53:18 UTC 2006


On 10/17/06 17:12, R. G. Newbury wrote:

>Michael T. Dean wrote:
>  
>
>>On 10/17/06 09:56, Daniel Kristjansson wrote:
>>
>>>On Sat, 2006-10-14 at 16:26 +0100, Neil Sedger wrote:
>>>
>>>>Michael T. Dean wrote:
>>>>
>>>>>Because the environment from which this is being run doesn't have a HOME 
>>>>>environment variable defined.
>>>>>
>>>>Indeed. How odd. I thought that Fedora initscripts would automatically pick up the user's (root) environment. A quick test shows it doesn't even have $USER!
>>>>I've edited the initscript to hardcode the HOME var as you suggested, thanks.
>>>>I'd have thought this problem would happen to more people though, I haven't seen it mentioned in the docs, install guide or FAQ.
>>>>
>>>I would think very few people run mythfilldatabase as root..
>>>
>>>Too many people do something crazy like run mythbackend or mythfrontend
>>>as root, but I've never seen anyone recommend running mythfilldatabase
>>>that way.
>>>
>>Of course, if running (the master) mythbackend as root and if MythTV is 
>>set to automatically run mythfilldatabase, mythfilldatabase is run as 
>>root.  :)
>>
>>The most common reason to be lacking a HOME environment variable is 
>>because an init script (which is not executed under a login shell) 
>>starts mythbackend and doesn't go to the trouble of setting up the 
>>environment correctly.
>>
>Verrrryyy interesting. Firstly, I always run mythfilldatabase as root 
>and it runs fine!
>Under Fedora, at least, the $HOME variable is taken from the /etc/passwd 
>file, and set by 'login' on logging in.
>  
>
But, only when "logging in".

>I would think that the only way to get running without a $HOME 
>environment variable set would be to bypass login somehow.
>  
>
Right, like by having an init script--which is not executed under a 
login shell--start mythbackend.  TTBOMK, this is what the FC start 
scripts do.

>If that works I suspect that chown and chgrp of mythfilldatabase may be 
>sufficient to avoid the problem referred to above.
>  
>
chown and chgrp won't do anything.  Even chmod to set it setuid mythtv 
won't do anything.  You just need a HOME environment variable (which you 
can set in the init script or by executing mythbackend/mythfilldatabase 
from within a login shell).

>Although I still do not understand why 'running mythfilldatabase root is 
>not a good idea'.
>This is a myth.
>

If you run a program as user mythtv, and it has a 
bug/exploit/failure/whatever, it can destroy the mythtv user's data.  If 
you run a program as user root, and it has a 
bug/exploit/failure/whatever, it can destroy the entire system (or even 
do other more nefarious deeds).  That is not a myth--I'd be happy to 
provide you an example program if you'd like to test it.  :D  (I think 
I'd call the program, 
"I_cant_believe_I_convinced_you_to_install_and_run_my_rootkit".)

Or, come to think of it, there's a commonly available example program by 
the name of Windows...

Mike


More information about the mythtv-users mailing list