Ludwig Nussel wrote:
Hi,
I've updated the switch user patch. The user to switch to is a build time define now to prevent vdr vom accidently running under the wrong uid. Patches for 1.2.6 and 1.3.17 attached.
I'm just looking through this for the next VDR version.
Index: vdr-1.3.17/Makefile
--- vdr-1.3.17.orig/Makefile +++ vdr-1.3.17/Makefile @@ -73,7 +73,18 @@ DEFINES += -DPLUGINDIR="$(PLUGINLIBDIR)
ifdef VFAT # for people who want their video directory on a VFAT partition -DEFINES += -DVFAT +DEFINES += -DVFALDT
What's the meaning of this? I can't see any place where VFALDT is actually used.
+endif
+ifdef VDR_USER +DEFINES += -DVDR_USER="$(VDR_USER)" +ifdef VDR_GROUP +DEFINES += -DVDR_GROUP="$(VDR_GROUP)" +endif
Is it really necessary to have VDR_USER _and_ VDR_GROUP separately? I'd say VDR_USER should suffice.
+ifdef WITH_CAPABILITIES +DEFINES += -DWITH_CAPABILITIES +LIBS += -lcap +endif
I assume this means there are systems that don't provide this. Is there a runtime method to determine the presence of this?
=================================================================== --- vdr-1.3.17.orig/vdr.c +++ vdr-1.3.17/vdr.c ... int main(int argc, char *argv[]) { #ifdef _CS_GNU_LIBPTHREAD_VERSION @@ -253,6 +365,23 @@ int main(int argc, char *argv[]) } }
+#ifdef VDR_USER +# ifndef VDR_GROUP +# define VDR_GROUP NULL +# endif
- if(set_keepcaps() != 0)
- return 2;
- if (su(VDR_USER, VDR_GROUP) != 0)
- return 2;
- if(set_nokeepcaps() != 0)
- return 2;
- set_cap_sys_time();
+#endif
Am I missing something here, or is the su() call always done, no matter under which user ID VDR has been started? Shouldn't this only be done if it was started as 'root'?
Klaus
* Klaus Schmidinger schrieb am 30.12.05, um 18:19 Uhr:
I've updated the switch user patch. The user to switch to is a build time define now to prevent vdr vom accidently running under the wrong uid. Patches for 1.2.6 and 1.3.17 attached.
I'm just looking through this for the next VDR version.
Thats really nice to hear.
Index: vdr-1.3.17/Makefile
--- vdr-1.3.17.orig/Makefile +++ vdr-1.3.17/Makefile @@ -73,7 +73,18 @@ DEFINES += -DPLUGINDIR="$(PLUGINLIBDIR)
ifdef VFAT # for people who want their video directory on a VFAT partition -DEFINES += -DVFAT +DEFINES += -DVFALDT
What's the meaning of this? I can't see any place where VFALDT is actually used.
For me this looks like a typo by accident. ;-)
+ifdef WITH_CAPABILITIES +DEFINES += -DWITH_CAPABILITIES +LIBS += -lcap +endif
I assume this means there are systems that don't provide this. Is there a runtime method to determine the presence of this?
Well, you need libcap to be able to use this patch.
+#ifdef VDR_USER +# ifndef VDR_GROUP +# define VDR_GROUP NULL +# endif
- if(set_keepcaps() != 0)
- return 2;
- if (su(VDR_USER, VDR_GROUP) != 0)
- return 2;
- if(set_nokeepcaps() != 0)
- return 2;
- set_cap_sys_time();
+#endif
Am I missing something here, or is the su() call always done, no matter under which user ID VDR has been started? Shouldn't this only be done if it was started as 'root'?
You are completely right, these calls should only be done when root is calling vdr.
I attached the patch which debian and ctvdr use since allmoast one year without bigger drawbacks. (it is based on Ludwig Nussel's patch, but sligtly modified)
Regards, Thomas
Klaus Schmidinger wrote:
Ludwig Nussel wrote:
I've updated the switch user patch. The user to switch to is a build time define now to prevent vdr vom accidently running under the wrong uid. Patches for 1.2.6 and 1.3.17 attached.
I'm just looking through this for the next VDR version.
Index: vdr-1.3.17/Makefile
--- vdr-1.3.17.orig/Makefile +++ vdr-1.3.17/Makefile @@ -73,7 +73,18 @@ DEFINES += -DPLUGINDIR="$(PLUGINLIBDIR)
ifdef VFAT # for people who want their video directory on a VFAT partition -DEFINES += -DVFAT +DEFINES += -DVFALDT
What's the meaning of this? I can't see any place where VFALDT is actually used.
Looks like garbage :-)
+endif
+ifdef VDR_USER +DEFINES += -DVDR_USER="$(VDR_USER)" +ifdef VDR_GROUP +DEFINES += -DVDR_GROUP="$(VDR_GROUP)" +endif
Is it really necessary to have VDR_USER _and_ VDR_GROUP separately? I'd say VDR_USER should suffice.
I actually don't use it myself either. The primary+supplementary groups of the user are used then.
+ifdef WITH_CAPABILITIES +DEFINES += -DWITH_CAPABILITIES +LIBS += -lcap +endif
I assume this means there are systems that don't provide this. Is there a runtime method to determine the presence of this?
Well, you need the definitions at compile time. It's not really necessary to use libcap though, the interface is clumsy anyways. You could do the syscall yourself as well. I just didn't bother changing it as noone requested it and libcap works for me :-)
=================================================================== --- vdr-1.3.17.orig/vdr.c +++ vdr-1.3.17/vdr.c ... int main(int argc, char *argv[]) { #ifdef _CS_GNU_LIBPTHREAD_VERSION @@ -253,6 +365,23 @@ int main(int argc, char *argv[]) } }
+#ifdef VDR_USER +# ifndef VDR_GROUP +# define VDR_GROUP NULL +# endif
- if(set_keepcaps() != 0)
- return 2;
- if (su(VDR_USER, VDR_GROUP) != 0)
- return 2;
- if(set_nokeepcaps() != 0)
- return 2;
- set_cap_sys_time();
+#endif
Am I missing something here, or is the su() call always done, no matter under which user ID VDR has been started? Shouldn't this only be done if it was started as 'root'?
That was basically the case when I used command line switches. I had problems with some plugins (don't remember which exactly) as they already created some fixed files as the invoking use e.g. when you ran --help and then prevented start of vdr later. Yeah, all horrible. Maybe that kind of things get sorted if you include the patch though.
cu Ludwig