start misbehaving deamons as another user than root

Daniel L. Miller dmiller at amfes.com
Tue Jul 17 20:26:26 BST 2007


Philippe De Swert wrote:
> Hi all,
>
> On Thu, 2007-07-12 at 13:05 +0100, Scott James Remnant wrote:
>   
>> On Thu, 2007-07-12 at 13:18 +0200, Philippe De Swert wrote:
>>
>>     
>>>>> I wondered if there was a way to get upstart to start daemons with another
>>>>> user than root. This because some daemons don't drop there privileges decently
>>>>> (or as in my case I need the init system to start them up, but I need them to
>>>>> be running with user privileges)
>>>>>
>>>>> I tried the following in the upstart scripts:
>>>>>
>>>>> su -l username -c daemon-command
>>>>>
>>>>>           
>>>> su -l username -c exec daemon-command
>>>>         
>>> I tried this, unfortunately upstart complains about an unknown stanza
>>>
>>>       
>> It has to be in an exec stanza, e.g.
>>
>> exec su -l username -c exec daemon-command
>>     
>
> The extra exec statement  after -c does nothing. Also I have a perfectly
> valid shell for the user (thank Michael for the suggestion anyway).
> Still it does work to run the process with a different user. The main
> problem is still that it spawns two seperate processes which screws up
> the respawning.
>
> In the meantime I have written a small program that forks, changes uid
> and gid and execs the actual program with different user privileges,
> which seems to work. (I need to iron out the bugs as not all the daemons
> I want to start like that seem to work)
>
> However I still wonder if it would make sense to add this functionality
> natively to upstart.
>   
Anything wrong with using DJB's setuidgid program?  
http://cr.yp.to/daemontools/setuidgid.html

-- 
Daniel



More information about the upstart-devel mailing list