Starting an Upstart job as a simple user

James Hunt james.hunt at ubuntu.com
Wed May 23 08:50:06 UTC 2012 

On 22/05/12 15:11, Louis Chatriot wrote:
> Hello,
> 
> 
> I would like to know if there is any way to stop/start an upstart job
> without having to be a superuser (i.e. by typing `start myjob` instead
> of `sudo start myjob`).
> 
> I spent quite some time looking for the answer on the Internet and found
> that I can use a NOPASSWD sudo for `start myjob` only but I don't like
> this method and the security concerns it brings. I am running Ubuntu
> 11.10 and my upstart version is 1.3.
> 
> If you have the answer that would be great !
> 
> 
> Thanks in advance,
> Louis
> 
> 
Hi Louis,

I'm not clear from your mail whether the jobs the users will be running
need root privileges? I'd assume not as that would also be a potential
security concern :-). If I'm right, "User Jobs" might be the way to go:

http://upstart.ubuntu.com/cookbook/#user-job

This feature is _not_ enabled by default in Ubuntu currently. However,
all you need to do to enable it is replace the "Upstart.conf" D-Bus
configuration with the version shipped by upstream upstart. See:

http://upstart.ubuntu.com/cookbook/#enabling
http://bazaar.launchpad.net/~upstart-devel/upstart/trunk/view/head:/dbus/Upstart.conf

Once you've done this, the feature is available immediately - no reboot
required. To disable it, swap back to the original Upstart.conf.

Note that user jobs are extremely basic right now. The main limitation
currently is that user jobs do not run with the users environment so you
need to inject that into any jobs. For example:

__________________

env HOME=/home/me
export HOME

script

/bin/bash -lc "do-something.sh"

end script

__________________

The crucial point to note here is that you are not running a job in a
user session, you are simply running a job as a particular user. That
means login(1) has not been invoked, so neither has PAM. Therefore,
crucially you'll need to set atleast $HOME as above, but might find you
need to set other variables too.

We are looking at enhancing user jobs this (Ubuntu Quantal) cycle.

Kind regards,

James.
--
James Hunt
____________________________________
http://upstart.ubuntu.com/cookbook
http://upstart.ubuntu.com/cookbook/upstart_cookbook.pdf

More information about the upstart-devel mailing list