[vdr] Re: set system time without root priviledges
Sebastian at schnapsleichen.de
Sun Jul 24 11:40:19 CEST 2005
Am Sonntag 24 Juli 2005 11:17 schrieb Simon Baxter:
> >> If I'm understanding the su correctly, and vdr must be run as root but
> >> the
> >> date set will be done by another user, I can't see the point! If you're
> >> running vdr as root you're already running an 'untrusted' application
> >> with
> >> full machine rights. Why then switch to another user just for the date
> >> set?
> > It's exactly the opposite: VDR drops all root privileges, except the
> > capability to set the time.
> > S.
> I'm confused.
> So you run VDR as root or not??
> vdr mailing list
> vdr at linuxtv.org
approach 1: settime patch
you start vdr as ordinary user, when it want's to set the time, it calls "sudo
date ....", so that date will run as root.
approach 2: su patch
you start vdr as root, it drops all but the CAP_SET_TIME capability and
changes its UID to something different you define in the Make.config. VDR
only starts as root, but later runs with a different UID.
More information about the vdr