Am Sonntag 24 Juli 2005 11:17 schrieb Simon Baxter: > >> If I'm understanding the su correctly, and vdr must be run as root but > >> the > >> date set will be done by another user, I can't see the point! If you're > >> running vdr as root you're already running an 'untrusted' application > >> with > >> full machine rights. Why then switch to another user just for the date > >> set? > > > > It's exactly the opposite: VDR drops all root privileges, except the > > capability to set the time. > > > > S. > > I'm confused. > > So you run VDR as root or not?? > > > > _______________________________________________ > vdr mailing list > vdr@xxxxxxxxxxx > http://www.linuxtv.org/cgi-bin/mailman/listinfo/vdr OK, approach 1: settime patch you start vdr as ordinary user, when it want's to set the time, it calls "sudo date ....", so that date will run as root. approach 2: su patch you start vdr as root, it drops all but the CAP_SET_TIME capability and changes its UID to something different you define in the Make.config. VDR only starts as root, but later runs with a different UID. S.
