[mythtvnz] New install - mythbackend password not accepted

Paul paulgir at gmail.com
Sat Jul 3 03:34:57 BST 2021


On 8/04/21 6:24 am, Stephen Worthington wrote:
> On Thu, 8 Apr 2021 04:39:05 +1200, you wrote:
>
>
>> I'll check the sudoers.d helper and make the other changes regarding the
>> shutdown bug .
>>
>> One thing I wondered about regarding the helper script was ,in your
>> installation procedure ,for the helper script in /mythtv/bin you issue:
>> chmod ug=rx,o= mythtv-systemctl-helper.sh  command and for the one in
>> /etc/sudoers.d you use: chmod ug=r,o= mythtv-systemctl-helper  without x
>> to make executable. Was this intentional? or a typo?
> The helper script is a bash script, so it must have executable
> permissions.  It is not particularly security sensitive as its ability
> to do things without a password is not in this file but in the sudoers
> config file referring to it.  Using it only makes sense in the context
> of using it with an sudoers configuration that allows it to work
> without needing a password.  In any other situation where you do need
> to use a password, it is normally simpler just to use the systemctl
> commands directly.
>
> The sudoers file is not executable, it is a configuration file, and a
> very security sensitive one at that.  The permissions on sudoers files
> have to be exactly right or sudo will ignore them, as if they have the
> wrong permissions that would allow someone to easily get root access.
> The recommendation for sudoers files is that they have no more than
> read access for the user and group and nothing else, and be only root
> ownership and root group.  So even root can not write them without
> changing their permissions first.  When you do an sudo command from
> other than a root account, sudo will be run as root and will look up
> its sudoers config files to see if it has permission to do what it is
> being asked to do.  So it will be reading those sudoers config files
> as root:root.  If it does not find a match in the sudoers file, it
> will not execute the command (at all, and certainly not as root).  If
> it does find a match, it sees what permissions it has been given to
> execute things.  In this case the config says it can execute the
> specified file without requesting a password, so that is what it does.
> When you do a normal sudo command from your non-root account, sudo
> will match that against this config found in /etc/sudoers:
>
> # Allow members of group sudo to execute any command
> %sudo   ALL=(ALL:ALL) ALL
>
> That says that sudo is allowed to execute any command as root if the
> account is a member of the sudo group, but as there is not a NOPASSWD
> option, it has to ask for a password first.  The login account that
> gets set up when you install Ubuntu is automatically added to the sudo
> group (and the admin group that is allowed to use su to switch to the
> root account).
>
>> I'll be busy for the following 2 days and be  making the changes on
>> Saturday.
>>
>> -Paul
> _______________________________________________
> mythtvnz mailing list
> mythtvnz at lists.ourshack.com
> https://lists.ourshack.com/mailman/listinfo/mythtvnz
> Archives http://www.gossamer-threads.com/lists/mythtv/mythtvnz/


Hi Stephen et al

I'm back setting up the new 20.04 MythTV system.

Can you point me to the best guides to set up systemd to wait for HDHR 
and for Haupauge tuners to load before starting Mythbackend?

There is a lot of information out there (in the list) but I don't know 
which is the most concise.

Thanks

Paul




More information about the mythtvnz mailing list