STV Import: Restricted Access STV

[tmiranda]

If you are looking for a way to prevent what actions placeshifter, extender or client users can perform, look no further. This STVi allows you to password-restrict option changes, configuration changes, recording schedule modifications and file deletions.

Each of these restrictions are independently controlled. So, for example, you can allow placeshifter users to view recordings and change the options that effect their placeshifter UI while restricting the placeshifter users from creating new recordings or modifying settings that effect all placeshifters/clients/extenders. You can also dis-allow extenders from accidentally changing settings that ought not be touched. (Having kids I know what a few errant remote-control presses can do!)

v1.2 Enhancements:

• Now has the ability to assign actions to categories. So now if you think that watching live TV should have "Local" privileges and setting the "Don't Like" status should have "Server" privileges you can set it as you like.
• Added the "None" category for actions that you do not want to restrict.
• Now has the ability to rename the 4 privilege levels to anything you like. If you think Server Config, Local Config, Record and Delete are inappropriate names you can call them Supervisor, User, Son and Daughter.

v1.1 Enhancements:

1. There is now a User Interface that allows configuration without editing .properties files.
2. Each "restriction category" now has a "Duration" associated with it which controls how often users are prompted for passwords. It can be set to "Always", "Once" or a user-specified number of minutes.
3. Eliminated need to stop/start Sage.
4. Passwords are now hidden when entered.

To install:

1. Download and unzip the STVi to the SageTV\SageTV\STVs\STV3 directory.
2. Import the STVi. Note that there is no need to stop/start Sage.
3. A new item titled "Manage STV Permissions" will be added to the Setup -> Detailed Setup -> Server menu. Go there to configure the permissions.
4. If you are upgrading from v1.0 you should first stop Sage and delete all of the lines beginning with "rra/" from the .properties file(s).
5. You should also put these lines in the file named C:\Program Files\SageTV\SageTV\RemoteClients.properties.defaults so any new extenders that are connected or placeshifter users that log in from different locations inherit the appropriate restrictions. Note that this file is overwritten each time you reinstall Sage so you will have to re-add these lines after each re-install or upgrade. (You WILL need to stop Sage before editing this file.)

Code:

rra/enabled=true
rra/delete_enabled=true
rra/record_enabled=true
rra/config_enabled=true
rra/server_enabled=true
rra/delete_pwd=PASSWORD1
rra/record_pwd=PASSWORD2
rra/config_pwd=PASSWORD3
rra/server_pwd=PASSWORD4

Configuration:

1. From the configuration pop-up, click on the "Disabled" button to toggle between Enabling and Disabling the STVi.
2. When Enabled you will see three columns: Category, Status and Duration.
3. Click on the items under the Category column to change the password for each category (Server Configuration, Local Configuration, Record, Delete).
4. Once granted "Delete" privileges the user will be able to delete recordings and other media types.
5. Once granted "Record" privileges the user will be able to setup recordings, modify recording schedules, modify favorites and watch live TV. (Watching Live TV is considered to be creating a "recording.")
6. Once granted "Local Config" privileges the user will be able to change configuration items that only effect the current client/placeshifter/extender.
7. Once granted "Server Config" privileges the user will be able to change configuration items that effect ALL clients/placeshifters/extenders.
8. Passwords can be the same or different for each category. If they are the same the user will be granted access to functions in that category if ANY of the other categories with a matching password have access.
9. The Status column Enables or Disables password checking on a particular category.
10. The Duration column specifies how often passwords are checked. It can be set to "Always", "Once" or for a specified number of minutes after successfully entering the password. (Useful if you want to "unlock" a STV for a few minutes while you make changes then automatically "relock" it when complete.)

Notes:

1. Passwords are not encrypted so browsing the filesystem will require the Server Config password to be entered. If this import is being used on a SageClient it will be pretty easy for a moderately knowledgeable person to get around the password protection, so use it at your own risk.
2. There are no restrictions on setting and unsetting the "watched" status of recordings or videos.
3. There are no restrictions on playlist manipulations.
4. If you use other STVi's the functions they provide will not be restricted. If you would like me to provide an STVi that "restricts" a particular other STVi let me know and I'll try to accomodate you.

If you intend to use this to restrict placeshifter users:

This is slightly more complicated because you must use a client (or the server UI) to create an STV that will become the default STV for a placeshifter user.

1. Download and unzip the STVi to the SageTV\SageTV\STVs\STV3 directory.
2. Import the STVi.
3. Rename the STV with the import to a user-friendly name. Probably the easiest way to do this is to stop the client (or server) you are using to create the STV and look in the SageTV\SageTV\STVs\STV3 directory for the newest file named something like "SageTV3_withimports_..." Rename that to something like "SageTV3-for-placeshifter.xml".
4. Don't forget to edit the RemoteClients.properties.defaults file as mentioned above!
5. Use the normal process to assign the newly created STV as the default STV for placeshifter users. (Setup->Detailed Setup->Server->Manage Placeshifter Users. Click on the user name and change the default STV to the one you just created and renamed.)

Download here: http://forums.sagetv.com/forums/down...do=file&id=332

[bcjenkins]

When you upgrade versions do you need to stop and restart server?

Also, I noticed the do not like was toggled as a local setting and was password protected. Is there a reason for placing it in local vs recordings?

Lastly, are passwords now starred in entry? It is kind of difficult to keep the kids from figuring it out when you have the plain view of it during entry.

Thanks for building this, I appreciate it.

B

[tmiranda]

No need to restart if you are upgrading. It's actually the same as ALPHA 3 so no need to do anything if you are running that.

"Don't Like" should require SERVER access so that's a bug. From what screen are you setting it and are you using a keyboard/mouse or remote control? If remote control are you pressing the "Don't Like" key or selecting the item from a menu? You need to be specific because there are always several ways to do things and each one has it's own code.

Passwords are not starred. I debated which way to go on that, and I probably came to the wrong decision. I'll change that.

[bcjenkins]

I was in the SageTV Recordings menu. Pressed the don't like on remote and asked for a password. I thought it said local, but it could have said server.

Can you explain the thought process on making don't like a server item vs a recording item? In my line of thought, which may not be correct, everything which is recording related and specific to setting, deleting, not liking, etc., ought to be bundled together.

Thanks again

B

[tmiranda]

When you get a chance let me know for sure if the "Don't Like" password is looking for a local config password or a server config password. Also let me know if you are using the malore menus or the standard menus.

My thought process on "Don't Like" is that it effects Intelligent Recording (which effects the functioning of the server) so it should be considered a server setting. I'm open to sugggestions on making the STVi more useful so let me know if you have more thoughts on this.

[GKusnick]

Quote:

Originally Posted by bcjenkins

Can you explain the thought process on making don't like a server item vs a recording item? In my line of thought, which may not be correct, everything which is recording related and specific to setting, deleting, not liking, etc., ought to be bundled together.

I suspect you're going to see more of this sort of argument about whether function X properly belongs to group Y or group Z. Ultimately I think the only way you're going to be able to please everybody is to make the assignment of functions to groups configurable (and probably the group names as well). So ideally what you'd have is a big grid of checkboxes with columns labeled by group names, and rows labeled by specific permission (e.g. Don't Like, Create Favorite, Delete Recorded Program, etc). There'd obviously be some default assignment of permissions to function groups, but system admins would be free to override those defaults by ticking or unticking checkboxes to move items from one group to another.

In this sort of scheme a system admin could even arrange the checkboxes in overlapping sets, so that for instance the "server" group could also include all the permissions of the "record", "delete", and "local" groups. Then you'd have only one password to enter to access all functions, instead of separate passwords for separate function groups.

At this point it then becomes desirable to be able to rename the groups, so instead of "record", "delete", etc. you could call them "Kids", "Mom", "UberGeek", and so on and set the permissions appropriately for those user groups (rather than function groups).

[tmiranda]

Greg,

Yes, as usual you have hit the nail on the head. What I actually had in mind for version 2 was to switch to a "user" based model where each user would have to "log in" and then have access to functions based on some type of permissions table.

I'm still learning studio and I wanted to take small steps rather than jump into something I would be incapable of completing. That's why I chose a simple authentication model for version 1.

Tom

[bcjenkins]

I think you are doing well for just learning! My perspective on what falls where is just my opinion, I was hoping to better understand the methodology applied.

B

[tmiranda]

Thanks. But if you really want to see what some Sage "newbies" can do take a look at the stuff that PLUCKHD and razrsharp are producing - it's simply eye-popping!

[tmiranda]

Version 1.1 is now available. It is easy to configure (no editing properties files) and has some enhancements as well.

Download here: http://forums.sagetv.com/forums/down...do=file&id=332

[Lester Jacobs]

This is a great piece of work and addresses a gap in Sage that I have been raising on this forum for a couple of years now. Unfortunately I did not have to time to develop an STVi to cover the gap but your effort certainly covers most of the security features I had envisioned. I would like to add a request for future consideration. I currently use a security workaround at home where I change an STV with a search/replace script to eliminate functionality I don't want users to access. In that script I make a distinction between manaul recordings and favorites. In my STV currently I allow manual recordings but do not allow additions/deletions or modifications of favorites. Can you change your scheme so that manual recordings (including Live TV) and favorites are split apart into two categories so that permissions can be assigned to them individually? In your current scheme I have no way to restrict favorite modifications without also restricting manual recordings.

Thanks
Lester

[tmiranda]

Lester,

I am considering making changes which will address this. No timescales however.

Tom

[RodEvan]

I've been waiting for something like this. We're shortly to take on foster children and alongside the parental control system I need to be able to prevent 'malicious damage' to the Sage setup.

I note that yor guide refers the standard SAGETV(3) direcotry but wonder whether this import also works with SAGEMC.

If it does then it's just what I'm looking for. But don't want to jump in and install it if it's going to mess up my sagemc installation.

Either way a long overdue import IMHO - but will it work with SAGEMC?

[tmiranda]

Sorry Rod, it will not work with SageMC.

[Peter_h]

Quote:

Originally Posted by tmiranda

Sorry Rod, it will not work with SageMC.

Would you be willing to do a SageMC port? I would also be interested.

[tmiranda]

Possibly. The main problem is that I'm not familiar with SageMC and in order to implement the STVi I need to put "checking code" at every point in the STV where user interactions occur. It's not hard now that I have written the code, it's just a matter of *finding* all the places it needs to go.

I think razrsharp is secretly starting a conspiracy to get me to switch to SageMC

[RodEvan]

Quote:

Originally Posted by tmiranda

Sorry Rod, it will not work with SageMC.

I'm sure there are many SAGEMC users who'd be interested in this - but congratulations on implementing at least in the standard stv.

I'd be very happy to BETA test if your interested in implementing for SAGEMC .

[bcjenkins]

Tom,

Would it be possible to add a toggle for strong/weak passwords?

I would prefer only numeric passwords instead of the alpha key entry. Like the parental controls entry.

B

[tmiranda]

I'll put it on the "to do" list. I'm not happy with the password entry dialog either

What do you have in mind for strong/weak password?

[tmiranda]

New version 1.2:

v1.2 Enhancements:

• Now has the ability to assign actions to categories. So now if you think that watching live TV should have "Local" privileges and setting the "Don't Like" status should have "Server" privileges you can set it as you like.
• Added the "None" category for actions that you do not want to restrict.
• Now has the ability to rename the 4 privilege levels to anything you like. If you think Server Config, Local Config, Record and Delete are inappropriate names you can call them Supervisor, User, Son and Daughter.