nettings / medianet

A distribution overlay for Raspbian and similar systems to create a JACK-based embedded system for audio processing and streaming. Contract work for [mn] medianet. https://www.medianet-home.de

sudo libpam-ssh-agent-auth breaks kodi #99

Closed nettings closed 8 months ago

nettings commented 2 years ago

The (quite convoluted) /usr/bin/kodi script has three sudo calls. Two of them are certainly obsolete because they use "service start" rather than systemd calls, and target a "cec" service that no longer exists. The final one is a call to openvt (which could probably be avoided by setting appropriate permissions on a tty), but it also uses a call to "su" in its subcommand.

For now, if you want to use kodi, the workaround is to add /etc/sudoers.d/99-medianet-kodi with the following content:

medianet ALL=(ALL) NOPASSWD: ALL

WARNING: This undoes privilege separation completely.

nettings commented 2 years ago

FIXME: limit sudo to only the calls required in that script?

nettings commented 8 months ago

We now allow members of the video group to sudo /bin/fgconsole and /bin/chvt *.
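
An added example, not part of the thread or the medianet code base: a small audit that flags over-broad sudoers rules, run over the blanket workaround from the first comment and a scoped rule modelled on the last one. The `audit` function, the sample strings and the exact syntax of the scoped rule are assumptions made for illustration.

```python
import re

# Constructed samples: the blanket workaround quoted in the first comment, and a
# scoped drop-in modelled on the last comment (its exact syntax is an assumption).
BLANKET = "medianet ALL=(ALL) NOPASSWD: ALL\n"
SCOPED = ("# VT switching for kodi only\n"
          "%video ALL=(root) NOPASSWD: /bin/fgconsole, /bin/chvt *\n")

RULE = re.compile(r"^(\S+)\s+[^=\s]+\s*=\s*(?:\([^)]*\)\s*)?(.+)$")
TAGS = re.compile(r"^((?:[A-Z]+:\s*)+)")

def audit(text):
    """Return (who, command, finding) tuples for over-broad sudoers rules.

    Handles simple one-line user specifications only: no aliases, no
    line continuations, no include directives.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "Defaults")) or "_Alias" in line.split()[0]:
            continue
        m = RULE.match(line)
        if not m:
            continue
        who, cmds = m.groups()
        nopasswd = False  # tags carry over to later commands in the same list
        for cmd in (c.strip() for c in cmds.split(",")):
            tags = TAGS.match(cmd)
            if tags:
                for tag in re.findall(r"[A-Z]+", tags.group(1)):
                    nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(tag, nopasswd)
                cmd = cmd[tags.end():]
            path, _, args = cmd.partition(" ")
            if path == "ALL":
                findings.append((who, cmd, "any command" + (", no password" if nopasswd else "")))
            elif "*" in args:
                # sudoers matches arguments as one string, so * spans word boundaries
                findings.append((who, cmd, "wildcard in arguments"))
    return findings

if __name__ == "__main__":
    for sample in (BLANKET, SCOPED):
        print(audit(sample))
```

The scoped rule still gets one finding because `*` accepts any argument string; sudoers also accepts character classes such as `[0-9]` in arguments if only VT numbers should match.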