On Wed, Oct 19, 2011 at 23:35, Richard Shaw <hobbes1069@xxxxxxxxx> wrote: > On Wed, Oct 19, 2011 at 4:27 PM, Kay Sievers <kay.sievers@xxxxxxxx> wrote: >> On Wed, Oct 19, 2011 at 23:20, Richard Shaw <hobbes1069@xxxxxxxxx> wrote: >>> On Wed, Oct 19, 2011 at 3:58 PM, Tom Hughes <tom@xxxxxxxxxx> wrote: >>>> On 19/10/11 21:48, Richard Shaw wrote: >>>>> >>>>> On Wed, Oct 19, 2011 at 3:26 PM, Lennart Poettering >>>>> <mzerqung@xxxxxxxxxxx> wrote: >>>>>> >>>>>> You should manage acess control of device nodes from udev rules. That's >>>>>> the only reasonably safe way to handle these things. And this should not >>>>>> be mentioned at all in systemd unit files. >>> >>> Ok based on Tom's file I came up with the following. I know Lennart, >>> you don't like setting ACL's from Systemd, but unless someone want's >>> to help me write udev rules that will run before the start of >>> mythbackend and after it's stopped, this is all I have: >> >> Yeah, that looks very wrong. >> >> Like mentioned earlier in this thread, just put the user into the >> audio/video system group and forget about any permissions management. > > That works for me. I wonder if I could use ExecStartPre to run a shell > script to make sure the user is in those groups and write to stderr if > not? That's a job for a %pre RPM script, not a service. Create the user and put the user in the group when the package is installed. > Also, the shell expansion doesn't work on ExecStart, so how to I set > the user in the command line? Hardcode it. It does not make much sense to configure something, or use config file indirections for stuff that does not need to be changed anyway. Kay -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
