Ubuntu – How to start jobs as a non privileged user in Upstart


I'm using last upstart version for ubuntu 10.4 LTS. upstart is launched with –debug kernel flag.

I'm making a custom job configuration for nzbget daemon. Basically, this job has a pre-start script that mounts a filesystem, a post-start script that unmounts the filesystem and an exec nzbget -D line.

The problem is that the nzbget daemon needs to run as a non privilleged user. This feature is already included in nzbget. Indeed, when I run from console sudo nzbget -D the process runs as a non privileged user. But when I start the upstart job with the exec nzbget -D line, the process nzbget -D runs as root. As said in the upstart cookbook, I tried to use su -c "nzbget -D" user and also start-stop-daemon both without the expect stanza as adviced. But for both commands, as upstart tracks the wrong PID I guess, it sees the main process as killed (owing to upstart logs) at the end of start process and thus, it launches the post-process script which I don't want.

=> How can I do it right? How is it that exec nzbget -D upstart command makes the process run as root whereas sudo nzbget -D command makes it run as non privilleged user?

Best Answer

There was some progress with the release of version 1.4.:

New “setuid” and “setgid” stanzas to allow system jobs to be run under the specified uid/gid corresponding to the given name/group.

You can grab it from their LaunchPad page but (strangely) I can't see a PPA so you might have to compile it yourself.

Otherwise, use su or sudo in your exec command like so:

su -c "<commands>" <username>
sudo -u <username> <commands>

They both do pretty much the same thing so pick whichever you're happiest with. So using your example command:

exec sudo -u me "nzbget -D"