From b11dcb15de18b20b55f2b0ceea3df6f540c75774 Mon Sep 17 00:00:00 2001 From: Klaus Schmidinger Date: Fri, 13 Jan 2006 16:16:32 +0100 Subject: Dropped the default vdr user --- HISTORY | 5 +++++ INSTALL | 8 ++++---- Make.config.template | 5 ++++- Makefile | 5 ++++- vdr.1 | 6 +++--- vdr.c | 17 +++++++++-------- 6 files changed, 29 insertions(+), 17 deletions(-) diff --git a/HISTORY b/HISTORY index 03eda7aa..185f0747 100644 --- a/HISTORY +++ b/HISTORY @@ -4155,3 +4155,8 @@ Video Disk Recorder Revision History - Making the "Menu" key behave consistently has not been well received by several users, so the new option "Setup/OSD/Menu button closes" can be used to get the old behavior back (which also is the default value of this option). +- Dropped the default vdr user. The program now always runs under the user id + it was started from, unless the '-u' option is given and it was started from + the 'root' user. If you want to have a default vdr user, you can activate and + adjust the "VDR_USER = vdr" line in your Make.config file (from the original + patch by Ludwig Nussel). diff --git a/INSTALL b/INSTALL index 8290c259..18c303cc 100644 --- a/INSTALL +++ b/INSTALL 
@@ -136,10 +136,10 @@ Setting the system time: ------------------------ If you want VDR to set the system time according to the data received -from the transponder, you need to start VDR as user 'root'. VDR will -then only keep the capability to set the system time, and set its -user id to a lesser privileged one ('vdr' by default, can be set -to a different value with the '-u' option). +from the transponder, you need to start VDR as user 'root'. For security +reasons you should then use the '-u' option to define a lesser privileged +user id under which VDR should actually run. It will then only keep the +capability to set the system time, and set its user id to the given one. You also need to enable the "EPG/Set system time" option in VDR's Setup menu, and select a transponder from which you want to receive the time in "Use time from transponder". Make sure you select a transponder diff --git a/Make.config.template b/Make.config.template index 5cbf42bf..fcf607c7 100644 --- a/Make.config.template +++ b/Make.config.template @@ -6,7 +6,7 @@ # See the main source file 'vdr.c' for copyright information and # how to reach the author. # -# $Id: Make.config.template 1.6 2005/09/02 14:24:31 kls Exp $ +# $Id: Make.config.template 1.7 2006/01/13 16:06:11 kls Exp $ ### The C compiler and options: @@ -30,3 +30,6 @@ VIDEODIR = /video LIRC_DEVICE = /dev/lircd RCU_DEVICE = /dev/ttyS1 + +## Define if you want vdr to not run as root +#VDR_USER = vdr diff --git a/Makefile b/Makefile index 74814905..f1b61e78 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ # See the main source file 'vdr.c' for copyright information and # how to reach the author. # -# $Id: Makefile 1.82 2006/01/08 16:12:26 kls Exp $ +# $Id: Makefile 1.83 2006/01/13 16:04:56 kls Exp $ .DELETE_ON_ERROR: @@ -77,6 +77,9 @@ endif ifdef REMOTE DEFINES += -DREMOTE_$(REMOTE) endif +ifdef VDR_USER +DEFINES += -DVDR_USER=\"$(VDR_USER)\" +endif LIRC_DEVICE ?= /dev/lircd RCU_DEVICE ?= /dev/ttyS1 
diff --git a/vdr.1 b/vdr.1 index 9ea300d3..b71e13e3 100644 --- a/vdr.1 +++ b/vdr.1 @@ -8,7 +8,7 @@ .\" License as specified in the file COPYING that comes with the .\" vdr distribution. .\" -.\" $Id: vdr.1 1.20 2006/01/08 11:51:36 kls Exp $ +.\" $Id: vdr.1 1.21 2006/01/13 16:01:19 kls Exp $ .\" .TH vdr 1 "08 Jan 2006" "1.3.38" "Video Disk Recorder" .SH NAME @@ -132,8 +132,8 @@ Set the controlling terminal. Run as user \fIuser\fR in case vdr was started as user 'root'. Starting vdr as 'root' is necessary if the system time shall be set from the transponder data, but for security reasons -during normal operation vdr switches to a lesser privileged -user id. By default the user 'vdr' is used. +vdr can switch to a lesser privileged user id during normal +operation. .TP .BI \-v\ dir ,\ \-\-video= dir Use \fIdir\fR as video directory. diff --git a/vdr.c b/vdr.c index 5d387909..b9da3fb4 100644 --- a/vdr.c +++ b/vdr.c @@ -22,7 +22,7 @@ * * The project's page is at http://www.cadsoft.de/vdr * - * $Id: vdr.c 1.235 2006/01/13 15:33:54 kls Exp $ + * $Id: vdr.c 1.236 2006/01/13 16:16:32 kls Exp $ */ #include @@ -157,14 +157,13 @@ int main(int argc, char *argv[]) // Command line options: -#define DEFAULTVDRUSER "vdr" #define DEFAULTSVDRPPORT 2001 #define DEFAULTWATCHDOG 0 // seconds #define DEFAULTPLUGINDIR PLUGINDIR #define DEFAULTEPGDATAFILENAME "epg.data" bool StartedAsRoot = false; - const char *VdrUser = DEFAULTVDRUSER; + const char *VdrUser = NULL; int SVDRPport = DEFAULTSVDRPPORT; const char *AudioCommand = NULL; const char *ConfigDirectory = NULL; @@ -192,6 +191,9 @@ int main(int argc, char *argv[]) #if defined(VFAT) VfatFileSystem = true; #endif +#if defined(VDR_USER) + VdrUser = VDR_USER; +#endif cPluginManager PluginManager(DEFAULTPLUGINDIR); int ExitCode = 0; 
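Review bot: In the @@ -157 hunk `VdrUser` changes from an always-valid string to a pointer where NULL means "keep the uid vdr was started with", and nothing at the declaration says so. A comment there would warn later code against passing it unguarded to `strcmp()` or a `%s` format: `const char *VdrUser = NULL; // NULL: no -u and no VDR_USER, stay on the invoking uid`. The `#if defined(VDR_USER)` assignment in the @@ -192 hunk sits with the other defaults, so `-u` presumably still overrides it. The option parsing is outside these hunks, so that ordering is worth confirming.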
@@ -337,7 +339,7 @@ int main(int argc, char *argv[]) // Set user id in case we were started as root: - if (getuid() == 0) { + if (VdrUser && getuid() == 0) { StartedAsRoot = true; if (strcmp(VdrUser, "root")) { if (!SetKeepCaps(true)) @@ -394,8 +396,8 @@ int main(int argc, char *argv[]) " -r CMD, --record=CMD call CMD before and after a recording\n" " -s CMD, --shutdown=CMD call CMD to shutdown the computer\n" " -t TTY, --terminal=TTY controlling tty\n" - " -u USER, --user=USER run as user USER (default: %s); only applicable\n" - " if started as root\n" + " -u USER, --user=USER run as user USER; only applicable if started as\n" + " root\n" " -v DIR, --video=DIR use DIR as video directory (default: %s)\n" " -V, --version print version information and exit\n" " --vfat encode special characters in recording names to\n" @@ -408,7 +410,6 @@ int main(int argc, char *argv[]) LIRC_DEVICE, DEFAULTSVDRPPORT, RCU_DEVICE, - DEFAULTVDRUSER, VideoDirectory, DEFAULTWATCHDOG ); @@ -473,7 +474,7 @@ int main(int argc, char *argv[]) } isyslog("VDR version %s started", VDRVERSION); - if (StartedAsRoot) + if (StartedAsRoot && VdrUser) isyslog("switched to user '%s'", VdrUser); if (DaemonMode) dsyslog("running as daemon (tid=%d)", cThread::ThreadId()); -- cgit v1.2.3
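Review bot: With the new `VdrUser &&` guard in the @@ -337 hunk, a start as root with neither `-u` nor a compiled-in `VDR_USER` skips the whole privilege-drop block, so the process keeps uid 0 and nothing records that. Logging is already active in the @@ -473 hunk, so the silent case could be reported right after the existing message: `else if (getuid() == 0) isyslog("running as user 'root', no privileges dropped (use -u)");`. In the visible lines `StartedAsRoot` is only set inside the `VdrUser &&` branch, so the added `&& VdrUser` in `if (StartedAsRoot && VdrUser)` looks redundant unless it is assigned elsewhere. The block opened by the changed `if` closes outside the hunk.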
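Review bot: The usage text in the @@ -394 hunk drops `(default: %s)` without saying what happens when `-u` is omitted, and a build with `VDR_USER` defined still has a default that the help output now hides. I would keep the fallback visible, for example by ending the option text with `root (without -u vdr keeps the user it was started as)\n"` in plain builds and printing the compiled-in name under `#if defined(VDR_USER)`. The format string and its argument list (the @@ -408 hunk) have to change together, as they do in this commit.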