Am Sonntag 24 Juli 2005 11:17 schrieb Simon Baxter:
If I'm understanding the su correctly, and vdr must be run as root but the date set will be done by another user, I can't see the point! If you're running vdr as root you're already running an 'untrusted' application with full machine rights. Why then switch to another user just for the date set?
It's exactly the opposite: VDR drops all root privileges, except the capability to set the time.
S.
I'm confused.
So you run VDR as root or not??
vdr mailing list vdr@linuxtv.org http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr
OK, approach 1: settime patch
you start vdr as ordinary user, when it want's to set the time, it calls "sudo date ....", so that date will run as root.
approach 2: su patch
you start vdr as root, it drops all but the CAP_SET_TIME capability and changes its UID to something different you define in the Make.config. VDR only starts as root, but later runs with a different UID.
S.