Hallo everybody,
By now I ran vdr as root. I wanted to change that but never did...
When the setuid-stuff was introduced I now managed to do so. Since I beleive some people use Debian (like me) I will shortly describe what has to be done to eliminate access problems. I don not use LIRC so there will be no hints about that.
1. Create group vdr
groupadd vdr
2. Create user vdr (no shell, home directroy will be video dir)
useradd -s /bin/false -d /home/recordings -g vdr
3. Add user vdr to other groups if necessary (edit /etc/group)
for DVD-access => disc
4. Chown your video-dir
chown vdr.root /home/recording -R
5. Modify DVB-devices
chown root.vdr /dev/dvb -R
6. Modify input-dev (for remote control)
chown root.vdr /dev/input/event*
7. Modify /proc/av7110_ir (Nexus remote-control) if you do not use a NEXUS-S with remote control you will probably have to modify something else
chown root.vdr /proc/av7110_ir chmod 661 /proc/av7110_ir
8. Modify VDR-configuration dir
by now vdr itself will start as long as the config was world readable. The text2skin caused a crash. To manage that I had to give write access to plugins/text2skin and themes in the configuration dir.
chown root.vdr /etc/vdr -R chmod 775 /etc/vdr/themes -R chmod 775 /etc/vdr/plugins/text2skin -R
Regards Peter
- Add user vdr to other groups if necessary (edit /etc/group)
for DVD-access => disc
That would be "adduser vdr disk"
- Chown your video-dir
chown vdr.root /home/recording -R
- Modify DVB-devices
chown root.vdr /dev/dvb -R
That could be done easier by adding user vdr to group video via "adduser vdr video" as the dvb devices are by default in group video.
Cheers Jan
I demand that Peter Juszack may or may not have written...
By now I ran vdr as root. I wanted to change that but never did...
When the setuid-stuff was introduced I now managed to do so. Since I beleive some people use Debian (like me)
I've been running it as non-root for ages.
I will shortly describe what has to be done to eliminate access problems. I don not use LIRC so there will be no hints about that.
- Create group vdr
groupadd vdr
No need. It'll be created by adduser.
- Create user vdr (no shell, home directroy will be video dir)
useradd -s /bin/false -d /home/recordings -g vdr
Use adduser (see my vdr package - URL in .sig - for details).
- Add user vdr to other groups if necessary (edit /etc/group)
# adduser vdr <group>
for DVD-access => disc
- Chown your video-dir
chown vdr.root /home/recording -R
# chown vdr:vdr /home/recording -R
Using "." as a separator is deprecated.
- Modify DVB-devices
chown root.vdr /dev/dvb -R
# adduser vdr video
- Modify input-dev (for remote control)
chown root.vdr /dev/input/event*
That will incorrectly change ownership of other input devices.
udev has a rule which will set group ownership of the appropriate device node to "video".
- Modify /proc/av7110_ir (Nexus remote-control)
if you do not use a NEXUS-S with remote control you will probably have to modify something else
If you're using a card which requires the budget-ci driver, the driver sould be frome patched kernel sources, patched v4l-dvb CVS, or dvb-driver-source (which contains pre-patched sources).
dvb-utils is Very Useful either way.
Kernel patches: URL:http://www.youmustbejoking.demon.co.uk/progs/linux/dvb-budget-ci.patch.tar.gz Read the docs :-)
Kernel 2.6.15, current v4l-dvb CVS: patches attached. This is a different approach to the same problem and will automatically select the appropriate keymap for cards such as my Nova-T (subsystem ID 13C2:1011).
chown root.vdr /proc/av7110_ir chmod 661 /proc/av7110_ir
Not needed. Load the keymap at boot (if the DVB driver is built in) or when the module is loaded (via a file in /etc/modprobe.d).
[snip]
Peter Juszack wrote:
By now I ran vdr as root. I wanted to change that but never did... When the setuid-stuff was introduced I now managed to do so. Since I beleive some people use Debian (like me) I will shortly describe what has to be done to eliminate access problems.
Another suggestion from someone who's using a vdr user for some time:
One of my frequent mistakes was to leave files and folders with wrong access rights in the video folder or in the .conf files, resulting in VDR not being able to write timers, not being able to delete recordings, or (worst) not being able to record to a sub-folder. There's a less known way to avoid such mistakes: Set the setgid (g+s) bit on all *folders*:
find /video -exec chown vdr:vdr {} ; find /video -type d -exec chmod g+s {} ;
Same for config folders, of course. After that, each file and folder created inside /video will automatically belong to the vdr group, and if (as usual) the files have group rw rights, then vdr user has always full access to them. All new folders will also inherit the g+s bit.
Cheers,
Udo
-
Darren Salt -
Jan Wagner -
Peter Juszack -
Udo Richter -
Wolfgang Rohdewald