Mailing List Archive

Sudoers fix for MythTV builtin commands requiring sudo systemctl
In mythtv-setup and mythfrontend, there are commands to halt, power
off and reboot the PC and to start and stop mythbackend. Since the
arrival of systemd, these commands as installed do not work or do not
work correctly, since they now require the use of the systemctl
command with sudo. Having mythtv-setup unable to stop and start
mythbackend causes a number of problems for people who think they have
changed a setting but have only changed it in the database as
mythbackend needs to be restarted before it will see the change. This
causes a lot of confusion. And you can wind up with multiple copies
of mythbackend running at the same time also.

I have created what I hope is a good workaround for this problem on
Ubuntu 18.04, and it should also work on Ubuntu 16.04. It uses an
entry in sudoers to allow a helper script to be run with sudo to
execute the correct systemctl commands.

Here is the /etc/sudoers.d/mythtv-systemctl-helper file:

mythtv,%mythtv
ALL=NOPASSWD:/home/mythtv/bin/mythtv-systemctl-helper.sh

(all one line - my email client wraps long lines)

And here is the /home/mythtv/bin/mythtv-systemctl-helper.sh file:

#!/bin/bash
# Sudoers helper script for MythTV programs to be able to do necessary
systemctl commands.
# Author: J S Worthington
# Version 1.0 2019-07-14

# Warning: For this script to work safely (without any security
risks), it
# must be "chown root:mythtv" and "chmod ug=rx,o=".

#set -x

if [ "$1" == "" ]; then
exit 1
fi

if [ "$1" == "reboot" ] || [ "$1" == "poweroff" ] || [ "$1" == "halt"
]; then

# Execute the systemctl aliased command.
$1

elif [ "$1" == "start" ] || [ "$1" == "stop" ] || [ "$1" == "restart"
] || [ "$1" == "status" ]; then

# Execute the command on the mythbackend service.
systemctl $1 mythtv-backend.service

fi

To install these two new files, run the following commands to download
them from my web server:

sudo su
cd /home/mythtv/
if [ ! -d bin ]; then
mkdir bin
chown mythtv:mythtv bin
fi
cd bin
wget https://www.jsw.gen.nz/mythtv/mythtv-systemctl-helper.sh
chown root:mythtv mythtv-systemctl-helper.sh
chmod ug=rx,o= mythtv-systemctl-helper.sh
cd /etc/sudoers.d
wget https://www.jsw.gen.nz/mythtv/mythtv-systemctl-helper
chown root:root mythtv-systemctl-helper
chmod ug=r,o= mythtv-systemctl-helper
exit

Note that I am unable to test the above install script as it will only
work from outside my network, so please let me know if there are any
problems.

Once the above install is done, you should be able to test it by
running commands like this from your mythfrontend user:

sudo /home/mythtv/bin/mythtv-systemctl-helper.sh stop

That command should stop mythbackend, and it should not ask you for
authentication as sudo normally does.

If that works, then you need to make the following MythTV settings
changes:

mythtv-setup > 1. General > Shutdown/Wakeup Options > Server halt
command:
sudo /home/mythtv/bin.mythtv-systemctl-helper.sh halt

mythtv-setup > 1. General > Backend Control > Backend stop command:
sudo /home/mythtv/bin.mythtv-systemctl-helper.sh stop

mythtv-setup > 1. General > Backend Control > Backend start command:
sudo /home/mythtv/bin.mythtv-systemctl-helper.sh start

mythfrontend > Setup > General > Shutdown/Reboot Settings > Halt
command:
sudo /home/mythtv/bin.mythtv-systemctl-helper.sh poweroff

mythfrontend > Setup > General > Shutdown/Reboot Settings > Reboot
command:
sudo /home/mythtv/bin.mythtv-systemctl-helper.sh reboot

The mythfrontend commands are run locally on the frontend PC, so you
have to install the files and do those two setups on each frontend as
well as the backend PC. I only have a combined frontend/backend box,
so I have not tested with remote frontends.

Please consider this to be beta software - I make no guarantees that
it will work on your system, but it does work on mine and I would like
to have some other people test it too. And I am no expert on using
sudoers, so it is possible that I have left a security hole. Again,
please let me know if you think I am doing something the wrong way.
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://lists.mythtv.org/mailman/listinfo/mythtv-users
http://wiki.mythtv.org/Mailing_List_etiquette
MythTV Forums: https://forum.mythtv.org
Re: Sudoers fix for MythTV builtin commands requiring sudo systemctl [ In reply to ]
On Sun, Jul 14 2019 at 5:18 +12, Stephen Worthington wrote:

[...]

> I have created what I hope is a good workaround for this problem on
> Ubuntu 18.04, and it should also work on Ubuntu 16.04. It uses an
> entry in sudoers to allow a helper script to be run with sudo to
> execute the correct systemctl commands.
>
> Here is the /etc/sudoers.d/mythtv-systemctl-helper file:
>
> mythtv,%mythtv
> ALL=NOPASSWD:/home/mythtv/bin/mythtv-systemctl-helper.sh

I don't have /home/mythtv in my Debian stable (buster) installation, I
replaced it everywhere by my home directory.

[...]

> Once the above install is done, you should be able to test it by
> running commands like this from your mythfrontend user:
>
> sudo /home/mythtv/bin/mythtv-systemctl-helper.sh stop
>
> That command should stop mythbackend, and it should not ask you for
> authentication as sudo normally does.

It stops the backend in the sense that systemctl status mythtv-backend
reports "Active: inactive (dead)", but setup still claims the backend is
running (I wrote about it in one of my previous mail). Annoying but
without consequences (at least this is mine impression).

>
> If that works, then you need to make the following MythTV settings
> changes:
>
> mythtv-setup > 1. General > Shutdown/Wakeup Options > Server halt
> command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh halt

sudo /home/mythtv/bin/mythtv-systemctl-helper.sh halt


>
> mythtv-setup > 1. General > Backend Control > Backend stop command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh stop

sudo /home/mythtv/bin/mythtv-systemctl-helper.sh stop

>
> mythtv-setup > 1. General > Backend Control > Backend start command:

> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh start

sudo /home/mythtv/bin.mythtv-systemctl-helper.sh start


In my setup I don't see "Shutdown/Reboot Settings" (but can live with
it):

> mythfrontend > Setup > General > Shutdown/Reboot Settings > Halt
> command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh poweroff
>
> mythfrontend > Setup > General > Shutdown/Reboot Settings > Reboot
> command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh reboot

[...]

> Please consider this to be beta software - I make no guarantees that
> it will work on your system, but it does work on mine and I would like
> to have some other people test it too.

Works on mine (at least seems to).

Thank you very much!

Best regards

Janusz

--
,
Janusz S. Bien
emeryt (emeritus)
https://sites.google.com/view/jsbien
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://lists.mythtv.org/mailman/listinfo/mythtv-users
http://wiki.mythtv.org/Mailing_List_etiquette
MythTV Forums: https://forum.mythtv.org
Re: Sudoers fix for MythTV builtin commands requiring sudo systemctl [ In reply to ]
On Sun, 14 Jul 2019 05:18:25 +1200, you wrote:

>In mythtv-setup and mythfrontend, there are commands to halt, power
>off and reboot the PC and to start and stop mythbackend. Since the
>arrival of systemd, these commands as installed do not work or do not
>work correctly, since they now require the use of the systemctl
>command with sudo. Having mythtv-setup unable to stop and start
>mythbackend causes a number of problems for people who think they have
>changed a setting but have only changed it in the database as
>mythbackend needs to be restarted before it will see the change. This
>causes a lot of confusion. And you can wind up with multiple copies
>of mythbackend running at the same time also.
>
>I have created what I hope is a good workaround for this problem on
>Ubuntu 18.04, and it should also work on Ubuntu 16.04. It uses an
>entry in sudoers to allow a helper script to be run with sudo to
>execute the correct systemctl commands.
>
>Here is the /etc/sudoers.d/mythtv-systemctl-helper file:
>
>mythtv,%mythtv
>ALL=NOPASSWD:/home/mythtv/bin/mythtv-systemctl-helper.sh
>
>(all one line - my email client wraps long lines)
>
>And here is the /home/mythtv/bin/mythtv-systemctl-helper.sh file:
>
>#!/bin/bash
># Sudoers helper script for MythTV programs to be able to do necessary
>systemctl commands.
># Author: J S Worthington
># Version 1.0 2019-07-14
>
># Warning: For this script to work safely (without any security
>risks), it
># must be "chown root:mythtv" and "chmod ug=rx,o=".
>
>#set -x
>
>if [ "$1" == "" ]; then
> exit 1
>fi
>
>if [ "$1" == "reboot" ] || [ "$1" == "poweroff" ] || [ "$1" == "halt"
>]; then
>
> # Execute the systemctl aliased command.
> $1
>
>elif [ "$1" == "start" ] || [ "$1" == "stop" ] || [ "$1" == "restart"
>] || [ "$1" == "status" ]; then
>
> # Execute the command on the mythbackend service.
> systemctl $1 mythtv-backend.service
>
>fi
>
>To install these two new files, run the following commands to download
>them from my web server:
>
>sudo su
>cd /home/mythtv/
>if [ ! -d bin ]; then
> mkdir bin
> chown mythtv:mythtv bin
>fi
>cd bin
>wget https://www.jsw.gen.nz/mythtv/mythtv-systemctl-helper.sh
>chown root:mythtv mythtv-systemctl-helper.sh
>chmod ug=rx,o= mythtv-systemctl-helper.sh
>cd /etc/sudoers.d
>wget https://www.jsw.gen.nz/mythtv/mythtv-systemctl-helper
>chown root:root mythtv-systemctl-helper
>chmod ug=r,o= mythtv-systemctl-helper
>exit
>
>Note that I am unable to test the above install script as it will only
>work from outside my network, so please let me know if there are any
>problems.
>
>Once the above install is done, you should be able to test it by
>running commands like this from your mythfrontend user:
>
>sudo /home/mythtv/bin/mythtv-systemctl-helper.sh stop
>
>That command should stop mythbackend, and it should not ask you for
>authentication as sudo normally does.
>
>If that works, then you need to make the following MythTV settings
>changes:
>
>mythtv-setup > 1. General > Shutdown/Wakeup Options > Server halt
>command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh halt
>
>mythtv-setup > 1. General > Backend Control > Backend stop command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh stop
>
>mythtv-setup > 1. General > Backend Control > Backend start command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh start
>
>mythfrontend > Setup > General > Shutdown/Reboot Settings > Halt
>command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh poweroff
>
>mythfrontend > Setup > General > Shutdown/Reboot Settings > Reboot
>command:
> sudo /home/mythtv/bin.mythtv-systemctl-helper.sh reboot
>
>The mythfrontend commands are run locally on the frontend PC, so you
>have to install the files and do those two setups on each frontend as
>well as the backend PC. I only have a combined frontend/backend box,
>so I have not tested with remote frontends.
>
>Please consider this to be beta software - I make no guarantees that
>it will work on your system, but it does work on mine and I would like
>to have some other people test it too. And I am no expert on using
>sudoers, so it is possible that I have left a security hole. Again,
>please let me know if you think I am doing something the wrong way.

It has just been pointed out that there is I made a nasty typo in the
above instructions, and then cut and pasted the same typo. Wherever
there is "/home/mythtv/bin.mythtv-systemctl-helper.sh" it should
actually be "/home/mythtv/bin/mythtv-systemctl-helper.sh". So it
should read:

mythtv-setup > 1. General > Shutdown/Wakeup Options > Server halt
command:
sudo /home/mythtv/bin/mythtv-systemctl-helper.sh halt

mythtv-setup > 1. General > Backend Control > Backend stop command:
sudo /home/mythtv/bin/mythtv-systemctl-helper.sh stop

mythtv-setup > 1. General > Backend Control > Backend start command:
sudo /home/mythtv/bin/mythtv-systemctl-helper.sh start

mythfrontend > Setup > General > Shutdown/Reboot Settings > Halt
command:
sudo /home/mythtv/bin/mythtv-systemctl-helper.sh poweroff

mythfrontend > Setup > General > Shutdown/Reboot Settings > Reboot
command:
sudo /home/mythtv/bin/mythtv-systemctl-helper.sh reboot

Apologies to anyone who tried to follow those instructions as written.
_______________________________________________
mythtv-users mailing list
mythtv-users@mythtv.org
http://lists.mythtv.org/mailman/listinfo/mythtv-users
http://wiki.mythtv.org/Mailing_List_etiquette
MythTV Forums: https://forum.mythtv.org