I know this has been discussed in the past, but the threads have got confused with Time Warp and all sorts.
How can I let VDR set system time off a transponder (with stime()???) without root priviledges?
Thanks
Simon
Selon Simon Baxter linuxtv@nzbaxters.com:
I know this has been discussed in the past, but the threads have got confused with Time Warp and all sorts.
How can I let VDR set system time off a transponder (with stime()???) without root priviledges?
I don't know.
I will use sudo and in vdr exec something like 'sudo date newdate'.
In my case I use a command from linux dvb-utils (dvb-date ???) that I run with sudo and I launch it via vdr command menu. It works but it isn't automatic.
Matthieu
Simon Baxter wrote:
I know this has been discussed in the past, but the threads have got confused with Time Warp and all sorts.
How can I let VDR set system time off a transponder (with stime()???) without root priviledges?
http://www.suse.de/~lnussel/vdr/vdr-1.3.27-su.diff
cu Ludwig
Ludwig Nussel wrote:
Simon Baxter wrote:
I know this has been discussed in the past, but the threads have got confused with Time Warp and all sorts.
How can I let VDR set system time off a transponder (with stime()???) without root priviledges?
It's also a good idea to "modprobe capability" before starting vdr if you have build this as a kernel module instead of builtin. In Debian a "echo capability >> /etc/modules" will bring you to the save side! :-)
I had a 4 hours debugging sessing to find this solution! :-)
CU
Simon Baxter wrote:
I know this has been discussed in the past, but the threads have got confused with Time Warp and all sorts.
How can I let VDR set system time off a transponder (with stime()???) without root priviledges?
http://www.suse.de/~lnussel/vdr/vdr-1.3.27-su.diff
cu Ludwig
I applied that patch - is there any other instruction on how to get around :
cannot set group id 501: Operation not permitted
Simon Baxter wrote:
I applied that patch - is there any other instruction on how to get around :
cannot set group id 501: Operation not permitted
This patch lacks some good readme instructions...
I guess you found the Make.config.template file and changed your Make.config accordingly?
Did you realize that you now have to start VDR as root, and VDR will change its user to the one you've set in Make.config?
Cheers,
Udo
Simon Baxter wrote:
I applied that patch - is there any other instruction on how to get around :
cannot set group id 501: Operation not permitted
This patch lacks some good readme instructions...
I guess you found the Make.config.template file and changed your Make.config accordingly?
Did you realize that you now have to start VDR as root, and VDR will change its user to the one you've set in Make.config?
ahh, no. Didn't realise that.
Can't I just add an entry in sudoers for the date command? Can I incorporate a 'sudo date set' into vdr??
Simon Baxter wrote:
Can't I just add an entry in sudoers for the date command? Can I incorporate a 'sudo date set' into vdr??
The settime patch does it this way. It may need several attempts, because all the user- and process-switching adds some delay to the clock, but it works. The su implementation is imho a lot cleaner way though.
See:
http://www.vdr-wiki.de/wiki/index.php/Settime-patch http://www.linuxtv.org/vdrwiki/index.php/Settime-patch
A patched version for recent builds is here:
http://urichter.cjb.net/vdr/?h=settime&l=en
Cheers,
Udo
Simon Baxter wrote:
Can't I just add an entry in sudoers for the date command? Can I incorporate a 'sudo date set' into vdr??
The settime patch does it this way. It may need several attempts, because all the user- and process-switching adds some delay to the clock, but it works. The su implementation is imho a lot cleaner way though.
See:
http://www.vdr-wiki.de/wiki/index.php/Settime-patch http://www.linuxtv.org/vdrwiki/index.php/Settime-patch
A patched version for recent builds is here:
If I'm understanding the su correctly, and vdr must be run as root but the date set will be done by another user, I can't see the point! If you're running vdr as root you're already running an 'untrusted' application with full machine rights. Why then switch to another user just for the date set?
Am Sonntag 24 Juli 2005 09:19 schrieb Simon Baxter:
Simon Baxter wrote:
Can't I just add an entry in sudoers for the date command? Can I incorporate a 'sudo date set' into vdr??
The settime patch does it this way. It may need several attempts, because all the user- and process-switching adds some delay to the clock, but it works. The su implementation is imho a lot cleaner way though.
See:
http://www.vdr-wiki.de/wiki/index.php/Settime-patch http://www.linuxtv.org/vdrwiki/index.php/Settime-patch
A patched version for recent builds is here:
If I'm understanding the su correctly, and vdr must be run as root but the date set will be done by another user, I can't see the point! If you're running vdr as root you're already running an 'untrusted' application with full machine rights. Why then switch to another user just for the date set?
It's exactly the opposite: VDR drops all root privileges, except the capability to set the time.
S.
If I'm understanding the su correctly, and vdr must be run as root but the date set will be done by another user, I can't see the point! If you're running vdr as root you're already running an 'untrusted' application with full machine rights. Why then switch to another user just for the date set?
It's exactly the opposite: VDR drops all root privileges, except the capability to set the time.
S.
I'm confused.
So you run VDR as root or not??
Simon Baxter wrote:
If I'm understanding the su correctly, and vdr must be run as root but the date set will be done by another user, I can't see the point! If you're running vdr as root you're already running an 'untrusted' application with full machine rights. Why then switch to another user just for the date set?
It's exactly the opposite: VDR drops all root privileges, except the capability to set the time.
S.
I'm confused.
So you run VDR as root or not??
No, the idea is to run vdr as an unprivileged user and use sudo to set the time.
C.
Simon Baxter wrote:
I'm confused.
So you run VDR as root or not??
Compare it to apache: You must start it to bind it to priveleged port 80 but afterwards, it su's to its own unpriveleged user. In the same manner starts vdr as root, signs up the right to keep the capability to set the system clock, and afterwards su's to the configured user.
CU
Am Sonntag 24 Juli 2005 11:17 schrieb Simon Baxter:
If I'm understanding the su correctly, and vdr must be run as root but the date set will be done by another user, I can't see the point! If you're running vdr as root you're already running an 'untrusted' application with full machine rights. Why then switch to another user just for the date set?
It's exactly the opposite: VDR drops all root privileges, except the capability to set the time.
S.
I'm confused.
So you run VDR as root or not??
vdr mailing list vdr@linuxtv.org http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr
OK, approach 1: settime patch
you start vdr as ordinary user, when it want's to set the time, it calls "sudo date ....", so that date will run as root.
approach 2: su patch
you start vdr as root, it drops all but the CAP_SET_TIME capability and changes its UID to something different you define in the Make.config. VDR only starts as root, but later runs with a different UID.
S.
-
C.Y.M -
castet.matthieu@free.fr -
Ludwig Nussel -
Patrick Cernko -
Sebastian Frei -
Simon Baxter -
Udo Richter