switch user/user upstart jobs ? - su -c and expect fork

[Clint Byrum]

Excerpts from Steffen Barszus's message of Tue May 17 13:01:59 -0700 2011:
> Hi !
> 
> I'm working on an upstart job starting an application as a different
> user. Until now i have used su -c doing that, but started recognizing
> now that upstart can not follow the pid properly like that. 
> 
> It is also recomended way in upstart cookbook. 
> 
> From my analysis i understand the following:
> 
> Lets assume i use script/end script to start in the end:
> 
> ....
> exec su -c "some daemon " someuser
> end script 
> 
> the exec replaces the shell with the su command which itself starts a
> shell which start the daemon. Now upstart can get the PID of the su
> command but not of the shell it starts or even the daemon. The best one
> can get is that the su shell gets killed and hope and pray that the
> daemon started in the shell will die from that in time. 
> 
> So this doesnt seem to be a perfect solution. Any comments ? 
> 
> Will there be a user keyword anytime soon ? (it might do the same as su,
> but if it can track the PID properly it might be worth it ?)

That would be cool for the case where you have something simple that
fully daemonizes. For many cases, just running in the foreground seems ok.

I'd hope that most daemons become another user on their own, and in fact,
many times they *must* become a user after execution because they need
to have root privileges temporarily to do something like listen on a low
port or listen on a local socket in a privileged location.

If your daemon runs in the foreground the su method works without
problems.