[vdr] Re: set system time without root priviledges

Sebastian Frei Sebastian at schnapsleichen.de
Sun Jul 24 11:40:19 CEST 2005


Am Sonntag 24 Juli 2005 11:17 schrieb Simon Baxter:
> >> If I'm understanding the su correctly, and vdr must be run as root but
> >> the
> >> date set will be done by another user, I can't see the point!  If you're
> >> running vdr as root you're already running an 'untrusted' application
> >> with
> >> full machine rights.  Why then switch to another user just for the date
> >> set?
> >
> > It's exactly the opposite: VDR drops all root privileges, except the
> > capability to set the time.
> >
> > S.
>
> I'm confused.
>
> So you run VDR as root or not??
>
>
>
> _______________________________________________
> vdr mailing list
> vdr at linuxtv.org
> http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr
OK,
approach 1: settime patch

you start vdr as ordinary user, when it want's to set the time, it calls "sudo 
date ....", so that date will run as root.

approach 2: su patch

you start vdr as root, it drops all but the CAP_SET_TIME capability and 
changes its UID to something different you define in the Make.config. VDR 
only starts as root, but later runs with a different UID.

S.



More information about the vdr mailing list