[kcarney]

You can get rid of that password stuff by updating your /etc/sudoers file with the visudo(8) command and adding these lines:

Code:

Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown, /sbin/reboot, /sbin/halt
xbmc localhost = (root) NOPASSWD: SHUTDOWN_CMDS

That's good to know. Unfortunately if you also want to switch to the ATV OS via script then you need to add "XBMC" to the admin group anyway for the mount and cp commands

[adufresne]

That's good to know. Unfortunately if you also want to switch to the ATV OS via script then you need to add "XBMC" to the admin group anyway for the mount and cp commands

That's easy to fix, too:

Code:

Cmnd_Alias SHUTDOWN_CMDS = /sbin/shutdown, /sbin/reboot, /sbin/halt
Cmnd_Alias APPLETV_CMDS = /sbin/mount, /bin/cp
xbmc localhost = (root) NOPASSWD: SHUTDOWN_CMDS, APPLETV_CMDS

Call me paranoid, but as a general principle I try to limit any service account's access to root. I think the specific mount(8) and cp(1) commands should be limited further. A clever person could, say, overwrite the sudoers file (`sudo cp my_sudoers /etc/sudoers` or `sudo mount my_evil_img.iso /etc`). I don't know which arguments are required for those commands in order to boot the ATV OS, so I've left them out of my example.

[kcarney]

Ah I see. I suppose that could be used instead of storing a PW in the script, although the problem I ran into was the "XBMC" user account is unable to run anything "sudo" thereby limiting what can be done by that logged in used. I'm not incredibly linux savvy so easier seemed better.

I guess I'm not so paranoid?