On Wed, 2011-10-19 at 16:35 -0500, Richard Shaw wrote:
> On Wed, Oct 19, 2011 at 4:27 PM, Kay Sievers <kay.sievers@xxxxxxxx> wrote:
> > On Wed, Oct 19, 2011 at 23:20, Richard Shaw <hobbes1069@xxxxxxxxx> wrote:
> >> On Wed, Oct 19, 2011 at 3:58 PM, Tom Hughes <tom@xxxxxxxxxx> wrote:
> >>> On 19/10/11 21:48, Richard Shaw wrote:
> >>>>
> >>>> On Wed, Oct 19, 2011 at 3:26 PM, Lennart Poettering
> >>>> <mzerqung@xxxxxxxxxxx> wrote:
> >>>>>
> >>>>> You should manage access control of device nodes from udev rules. That's
> >>>>> the only reasonably safe way to handle these things. And this should not
> >>>>> be mentioned at all in systemd unit files.
> >>
> >> Ok based on Tom's file I came up with the following. I know Lennart,
> >> you don't like setting ACLs from Systemd, but unless someone wants
> >> to help me write udev rules that will run before the start of
> >> mythbackend and after it's stopped, this is all I have:
> >
> > Yeah, that looks very wrong.
> >
> > Like mentioned earlier in this thread, just put the user into the
> > audio/video system group and forget about any permissions management.
>
> That works for me. I wonder if I could use ExecStartPre to run a shell
> script to make sure the user is in those groups and write to stderr if
> not?
>
> Also, the shell expansion doesn't work on ExecStart, so how do I set
> the user in the command line?

There's an explicit User= value in systemd services that tells it what
user to run the service as. I'd think best practice here would be for
mythbackend package to create a mythbackend user which is a member of
audio and video groups, and have the startup script run mythbackend as
that user...would there be any problem with that approach?

--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
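Added example, not part of the original thread and not taken from any mythbackend package: a pre-start check of the kind asked about above, which confirms that a dedicated service account is in the groups that own the device nodes and complains on stderr otherwise. The account name "mythbackend" and the groups "audio" and "video" come from the thread; the script path and the unit wiring in the comments are assumptions.

```shell
#!/bin/sh
# Added example: ExecStartPre-style check of a service account's groups.
# Assumptions: account "mythbackend", groups "audio"/"video" (from the thread);
# the install path below is hypothetical. Hypothetical unit wiring:
#   [Service]
#   User=mythbackend
#   ExecStartPre=/usr/libexec/mythbackend-check-groups mythbackend audio video

# missing_groups HAVE WANT...
# Prints the WANT names that are absent from the space-separated HAVE list.
missing_groups() {
    have=" $1 "
    shift
    missing=""
    for g in "$@"; do
        case "$have" in
            *" $g "*) ;;                              # whole-word match only
            *) missing="${missing:+$missing }$g" ;;
        esac
    done
    printf '%s' "$missing"
}

# check_account USER GROUP...
# Returns 0 if USER is in every GROUP, 1 if some are missing, 2 if USER is unknown.
check_account() {
    user=$1
    shift
    if ! groups_of=$(id -nG "$user" 2>/dev/null); then
        echo "check-groups: account '$user' does not exist" >&2
        return 2
    fi
    absent=$(missing_groups "$groups_of" "$@")
    if [ -n "$absent" ]; then
        echo "check-groups: '$user' is not a member of: $absent" >&2
        return 1
    fi
    return 0
}

# When invoked with arguments (as from ExecStartPre), run the check.
if [ "$#" -gt 0 ]; then
    check_account "$@"
fi
```

A non-zero exit from an ExecStartPre command keeps the unit from starting, so a missing group membership shows up as a failed start with the message above instead of as a device permission error inside the service.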