From b3de385d5b94166b32c67c63345c282e6564c11d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20B=C3=BCttner?= Date: Sat, 5 Jan 2019 21:30:45 +0100 Subject: [PATCH] Re-add sudo policy for in-app service restart. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thomas Büttner --- rpm-package/README.md | 11 +++++++---- rpm-package/jellyfin.env | 6 ++---- rpm-package/jellyfin.spec | 17 ++++++----------- 3 files changed, 15 insertions(+), 19 deletions(-) diff --git a/rpm-package/README.md b/rpm-package/README.md index bbc8e7348..84aded8c6 100644 --- a/rpm-package/README.md +++ b/rpm-package/README.md @@ -14,11 +14,14 @@ $ sudo dnf install https://download1.rpmfusion.org/free/fedora/rpmfusion-free-re $ sudo yum localinstall --nogpgcheck https://download1.rpmfusion.org/free/el/rpmfusion-free-release-7.noarch.rpm ``` -## In-App service control +## ISO mounting + +To allow jellyfin to mount/umonut ISO files uncomment these two lines in `/etc/sudoers.d/jellyfin-sudoers` +``` +# %jellyfin ALL=(ALL) NOPASSWD: /bin/mount +# %jellyfin ALL=(ALL) NOPASSWD: /bin/umount +``` -A sample sudoers-policy is located at `/usr/share/jellyfin/jellyfin-sudoers` which you need to review and copy to `/etc/sudoers.d`. -Use `install -D -m 0600 -o root -g root /usr/share/jellyfin/jellyfin-sudoers /etc/sudoers.d/jellyfin-sudoers` for the right permissions. -Finally uncomment JELLYFIN_RESTART_OPT in /etc/sysconfig/jellyfin and restart the service. ## Database patching You may need to install sqlite since CentOS has no `Recommends:` with `yum install sqlite`. diff --git a/rpm-package/jellyfin.env b/rpm-package/jellyfin.env index a935db68a..2e2b2ba8e 100644 --- a/rpm-package/jellyfin.env +++ b/rpm-package/jellyfin.env @@ -19,9 +19,7 @@ # Data directory JELLYFIN_DATA="/var/lib/jellyfin" -# To enable In-App service control uncomment JELLYFIN_RESTART_OPT -# and install the sample sudo policy to Allow jellyfin group to start, stop and restart itself. -# /usr/share/jellyfin/jellyfin-sudoers to /etc/sudoers.d/ -# JELLYFIN_RESTART_OPT="-restartpath /usr/libexec/jellyfin/restart.sh" +# In-App service control +JELLYFIN_RESTART_OPT="-restartpath /usr/libexec/jellyfin/restart.sh" # Additional options for the binary JELLYFIN_ADD_OPTS="" \ No newline at end of file diff --git a/rpm-package/jellyfin.spec b/rpm-package/jellyfin.spec index 5cadf779d..090f6e319 100644 --- a/rpm-package/jellyfin.spec +++ b/rpm-package/jellyfin.spec @@ -9,7 +9,7 @@ Name: jellyfin Version: 3.5.2.git%{shortcommit} -Release: 3%{?dist} +Release: 4%{?dist} Summary: The Free Software Media Browser. License: GPLv2 URL: https://jellyfin.media @@ -71,7 +71,7 @@ EOF %{__mkdir} -p %{buildroot}%{_sharedstatedir}/jellyfin %{__install} -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name}.service %{__install} -D -m 0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/sysconfig/%{name} -%{__install} -D -m 0600 %{SOURCE3} %{buildroot}%{_datadir}/%{name}/%{name}-sudoers +%{__install} -D -m 0600 %{SOURCE3} %{buildroot}%{_sysconfdir}/sudoers.d/%{name}-sudoers %{__install} -D -m 0750 %{SOURCE4} %{buildroot}%{_libexecdir}/%{name}/restart.sh %{__install} -D -m 0755 %{SOURCE6} %{buildroot}%{_datadir}/%{name}/update-db-paths.sh @@ -87,10 +87,10 @@ EOF %attr(755,root,root) %{_libdir}/%{name}/jellyfin %attr(644,root,root) %{_libdir}/%{name}/sosdocsunix.txt %attr(644,root,root) %{_unitdir}/%{name}.service -%attr(600,root,root) %{_datadir}/%{name}/%{name}-sudoers %attr(755,root,root) %{_datadir}/%{name}/update-db-paths.sh %attr(750,root,root) %{_libexecdir}/%{name}/restart.sh %config(noreplace) %{_sysconfdir}/sysconfig/%{name} +%config(noreplace) %attr(600,root,root) %{_sysconfdir}/sudoers.d/%{name}-sudoers %config(noreplace) %{_sysconfdir}/systemd/system/%{name}.service.d/override.conf %attr(-,jellyfin,jellyfin) %dir %{_sharedstatedir}/jellyfin %if 0%{?fedora} @@ -115,15 +115,10 @@ exit 0 %postun %systemd_postun_with_restart jellyfin.service -%posttrans -echo -e "\e[31m -To enable In-App service control copy the sudo-policy (be sure to check it contents) with: - -install -D -m 0600 %{_datadir}/%{name}/%{name}-sudoers %{_sysconfdir}/sudoers.d/%{name}-sudoers - -and uncomment JELLYFIN_RESTART_OPT in %{_sysconfdir}/sysconfig/%{name} \e[0m" >> /dev/stderr - %changelog +* Sat Jan 05 2019 Thomas Büttner - 3.5.2-4 +- Re-added sudoers policy + * Sat Jan 05 2019 Thomas Büttner - 3.5.2-3 - Added script for database migration