There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Klaus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Klaus Schmidinger schrieb:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Klaus
Hi Klaus,
Thanks for the patch. It solves my problem with the text2skin-plugin, that was not able to load a lot of the channel logos or needed fonts if they were accessed via a symlink.
Oliver
On Monday 09 January 2006 18:54, Oliver Friedrich wrote:
Klaus Schmidinger schrieb:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Klaus
Hi Klaus,
Thanks for the patch. It solves my problem with the text2skin-plugin, that was not able to load a lot of the channel logos or needed fonts if they were accessed via a symlink.
Oliver
Hi Oliver,
A better approach would be to just set the permissions of the files to sane values as I think running vdr as non-root is a lot better.
Matthias
Matthias Schwarzott wrote:
On Monday 09 January 2006 18:54, Oliver Friedrich wrote:
Klaus Schmidinger schrieb:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Klaus
Hi Klaus,
Thanks for the patch. It solves my problem with the text2skin-plugin, that was not able to load a lot of the channel logos or needed fonts if they were accessed via a symlink.
Oliver
Hi Oliver,
A better approach would be to just set the permissions of the files to sane values as I think running vdr as non-root is a lot better.
Propably all *nix-purists will lynch me, but I really think that having elaborate permissions on a STB is rather far fetched. Set_Top_Box does NOT need _any_ of that.
On Monday 09 January 2006 20:51, Lauri Tischler wrote:
A better approach would be to just set the permissions of the files to sane values as I think running vdr as non-root is a lot better.
Does this solve all requirements?
Propably all *nix-purists will lynch me, but I really think that having elaborate permissions on a STB is rather far fetched. Set_Top_Box does NOT need _any_ of that.
At least 3 modes of operation would be interesting:
"read only mode" - anything works but no changes upon configuration are allowed, no deletes and (likely) no user-commands - you can sit anyone in front of your system and need no worry
"read/record/delete" - anything allowed but no changes on configuration (aka channels, setup, plugins) - girlfriend mode ;-)
"full access" - aka administration mode, well...
I demand that Lauri Tischler may or may not have written...
[snip]
Propably all *nix-purists will lynch me, but I really think that having elaborate permissions on a STB is rather far fetched. Set_Top_Box does NOT need _any_ of that.
But Generic_Desktop_Computer does. :-)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Matthias Schwarzott schrieb:
Hi Oliver,
A better approach would be to just set the permissions of the files to sane values as I think running vdr as non-root is a lot better.
Matthias
Hi Matthias,
All the files have the same permissions, user and group (root:root [and i know, that this is not a good idea :)])). But it was not possible to use the font and grafic files if the are referenced with symlinks.
I will try tomorrow if the problem exists if i use a speacial vdr user, but why should it work with non-root when it doesn't with the root user?
Oliver
Klaus Schmidinger wrote:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Wouldn't it be a lot more natural and intuitive if the default for -u would be not to switch users at all? It wouldn't change the (previous) default behavior and it doesn't use two hard-coded user names (vdr and root). Specifying -u root to disable switching is at least strange...
Cheers,
Udo
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Udo Richter schrieb:
Klaus Schmidinger wrote:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Wouldn't it be a lot more natural and intuitive if the default for -u would be not to switch users at all? It wouldn't change the (previous) default behavior and it doesn't use two hard-coded user names (vdr and root). Specifying -u root to disable switching is at least strange...
I think this would be the best way, too. At first i was realy irritated as my vdr starts over and over again, because i doesnt know, the the new '-u' paramater was present (and not optional).
Oliver
Udo Richter wrote:
Klaus Schmidinger wrote:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Wouldn't it be a lot more natural and intuitive if the default for -u would be not to switch users at all? It wouldn't change the (previous) default behavior and it doesn't use two hard-coded user names (vdr and root). Specifying -u root to disable switching is at least strange...
For distributions the only sane default is to ship vdr running as unprivileged user. It's really helpful if upstream vdr also behaves this way by default as more people and especially plugin developers notice if there are permission problems.
cu Ludwig
Ludwig Nussel schrieb:
Udo Richter wrote:
Klaus Schmidinger wrote:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Wouldn't it be a lot more natural and intuitive if the default for -u would be not to switch users at all? It wouldn't change the (previous) default behavior and it doesn't use two hard-coded user names (vdr and root). Specifying -u root to disable switching is at least strange...
For distributions the only sane default is to ship vdr running as unprivileged user. It's really helpful if upstream vdr also behaves this way by default as more people and especially plugin developers notice if there are permission problems.
Permission Problems... it seems you are right with this assumption. I just worked several hours, trying to get bitstreamout to work.... and guess: the user vdr was not allowed do access /dev/audio*.
But still, I like the non-root concept... now vdr ist more 'mature'.
greets carsten
Ludwig Nussel wrote:
For distributions the only sane default is to ship vdr running as unprivileged user. It's really helpful if upstream vdr also behaves this way by default as more people and especially plugin developers notice if there are permission problems.
Distributions usually ship with their own startup scripts, so they're free to always use -u. And even if an user starts the vdr process manually, its usually from a non-root account, or?
(btw. my vdr has always been running unprivileged, and I've used the su patch before)
What about throwing a warning to console if vdr runs as root and no -u is specified?
Cheers,
Udo
Udo Richter wrote:
Klaus Schmidinger wrote:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Wouldn't it be a lot more natural and intuitive if the default for -u would be not to switch users at all? It wouldn't change the (previous) default behavior and it doesn't use two hard-coded user names (vdr and root). Specifying -u root to disable switching is at least strange...
Cheers,
Udo
Well, due to all the hassle with the GRAB security advisory I thought it might be a good idea to not let VDR run as root unless the user explicitly requests it.
However, I do tend to share your opinion, so if nobody disagrees I'll make it so that VDR always runs under the user id it was started with, unless the '-u' option is given (and, of course, it was started as root, otherwise it can't change its user id anyway).
Klaus
Klaus Schmidinger wrote:
Udo Richter wrote:
Klaus Schmidinger wrote:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Wouldn't it be a lot more natural and intuitive if the default for -u would be not to switch users at all? It wouldn't change the (previous) default behavior and it doesn't use two hard-coded user names (vdr and root). Specifying -u root to disable switching is at least strange...
[...] However, I do tend to share your opinion, so if nobody disagrees I'll make it so that VDR always runs under the user id it was started with, unless the '-u' option is given (and, of course, it was started as root, otherwise it can't change its user id anyway).
I vote for automatically using user vdr when started as root to promote the unprivileged user mode and to emphasize that using root is not recommended.
cu Ludwig
Ludwig Nussel wrote:
I vote for automatically using user vdr when started as root to promote the unprivileged user mode and to emphasize that using root is not recommended.
Is there any reason why a software should force anyone to do what seems to be the best ? I use my vdr-system for years running as root and i'm happy with it, no access from the outside world possible, so why should i waste hours for changing a lot of stuff on my vdrsystem only because some fanatics think i have to ?
Yes it's better to run vdr with a non-root account and if i have to setup my vdr-system completly from scratch i will do so, but until then please leave the possibility to run it as root.
Just my 2 cents.
cu Ludwig
/hgm.bg
hgm.bg wrote:
Ludwig Nussel wrote:
I vote for automatically using user vdr when started as root to promote the unprivileged user mode and to emphasize that using root is not recommended.
Is there any reason why a software should force anyone to do what seems to be the best ? I use my vdr-system for years running as root and i'm happy with it, no access from the outside world possible, so why should i waste hours for changing a lot of stuff on my vdrsystem only because some fanatics think i have to ?
Yes it's better to run vdr with a non-root account and if i have to setup my vdr-system completly from scratch i will do so, but until then please leave the possibility to run it as root.
noone prevents you from using Linux like DOS. Just add -u root and you are done.
cu Ludwig
2006/1/10, Ludwig Nussel ludwig.nussel@suse.de:
I vote for automatically using user vdr when started as root to promote the unprivileged user mode and to emphasize that using root is not recommended.
I would prefer a secure default setting too. Experienced users, or people who think they are, can override it on the commandline, so nobody is forced to use the secure default.
Joachim.
Joachim Wilke schrieb:
2006/1/10, Ludwig Nussel <ludwig.nussel@suse.de mailto:ludwig.nussel@suse.de>:
I vote for automatically using user vdr when started as root to promote the unprivileged user mode and to emphasize that using root is not recommended.I would prefer a secure default setting too. Experienced users, or people who think they are, can override it on the commandline, so nobody is forced to use the secure default.
Joachim.
IMHO a program should always run as the user who invoked it, unless told otherwise. Silently changing the userid does look very counterintuitive to me.
But then I'm a strong believer in "do what i told you", no "do what you think is the best for me", especially when it comes to computers.
Andreas
Andreas Holzhammer - GMX wrote:
Joachim Wilke schrieb:
2006/1/10, Ludwig Nussel <ludwig.nussel@suse.de mailto:ludwig.nussel@suse.de>:
I vote for automatically using user vdr when started as root to promote the unprivileged user mode and to emphasize that using root is not recommended.I would prefer a secure default setting too. Experienced users, or people who think they are, can override it on the commandline, so nobody is forced to use the secure default.
Joachim.
IMHO a program should always run as the user who invoked it, unless told otherwise. Silently changing the userid does look very counterintuitive to me.
But then I'm a strong believer in "do what i told you", no "do what you think is the best for me", especially when it comes to computers.
Andreas
I'll make it so that it runs under the user id of the caller, and only sets it to a different one if the caller is 'root' and the '-u' option is given (with a different user name than 'root').
For Ludwig Nussl there will be a Make.config option ;-)
Klaus
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Klaus Schmidinger schrieb:
Udo Richter wrote:
Klaus Schmidinger wrote:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Wouldn't it be a lot more natural and intuitive if the default for -u would be not to switch users at all? It wouldn't change the (previous) default behavior and it doesn't use two hard-coded user names (vdr and root). Specifying -u root to disable switching is at least strange...
Cheers,
Udo
Well, due to all the hassle with the GRAB security advisory I thought it might be a good idea to not let VDR run as root unless the user explicitly requests it.
However, I do tend to share your opinion, so if nobody disagrees I'll make it so that VDR always runs under the user id it was started with, unless the '-u' option is given (and, of course, it was started as root, otherwise it can't change its user id anyway).
This is the way most software works.
And with 1.3.38 it is impossible to simply get the commandline help if no useraccount 'vdr' is present on the system and the user doesn't know the '-u' switch ...
[root@tinySOFA ~]# vdr --help vdr: unknown user: 'vdr' [root@tinySOFA ~]# vdr -u root --help Usage: vdr [OPTIONS]
-a CMD, --audio=CMD send Dolby Digital audio to stdin of command CMD -c DIR, --config=DIR read config files from DIR (default is to read them from the video directory) -d, --daemon run in daemon mode -D NUM, --device=NUM use only the given DVB device (NUM = 0, 1, 2...) there may be several -D options (default: all DVB devices will be used) ...
Oliver
I demand that Oliver Friedrich may or may not have written...
[snip]
And with 1.3.38 it is impossible to simply get the commandline help if no useraccount 'vdr' is present on the system and the user doesn't know the '-u' switch ...
The attached patch (or something similar) should help.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Darren Salt schrieb:
I demand that Oliver Friedrich may or may not have written...
[snip]
And with 1.3.38 it is impossible to simply get the commandline help if no useraccount 'vdr' is present on the system and the user doesn't know the '-u' switch ...
The attached patch (or something similar) should help.
Hmm... this makes things much more complicated than it is needed ... :)
If Klaus implements the '-u' switch like he has explained earlier in this thread your patch is not needed. No detection of special users is needed, because it uses by default the current user.
Just my two cents ... Oliver
Klaus Schmidinger wrote:
There have been reports from people who want to run VDR as user 'root' and have trouble with access rights when using "-u root".
Yes, the direct access to the parallel port was denied so i had to use a slower mechanism in the graphlcd-plugin which is controling LCD-display.
The attached patch simply skips all the SetCaps() and SetUser() stuff when VDR is started as 'root' and the option "-u root" has been given. This should then behave just like older versions.
Thanks, this is now back to normal. I prefer to run vdr as root (this is my home and i'm controlling the machines :) Other might like to do it another way, so go forward.
Klaus
Thanks !
/hgm.bg
-
Andreas Holzhammer - GMX -
Carsten Presser -
Darren Salt -
Guido Fiala -
hgm.bg -
Joachim Wilke -
Klaus Schmidinger -
Lauri Tischler -
Ludwig Nussel -
Ludwig Nussel -
Matthias Schwarzott -
Oliver Friedrich -
Udo Richter