Launch process as another user/group (in init.d script)

initprivilegesprocess

I am editing a init.d script. The init.d script runs a utility script which then runs an process. From either bash scripts how would I make it launch the main process as a specific user and group?

Best Answer

The simplest way is to use the su(1) command, it has an option that allows you to run a command via the user's shell, example:

su foo -c ls

This will switch to the user foo and run the ls command. If the user you want to use does not have a valid shell (ie it's not in /etc/shells, like /bin/false or /sbin/nologin) you will also have to specify a shell on the command line. Example with output:

# su nobody -s /bin/bash -c id
uid=99(nobody) gid=99(nobody) groups=99(nobody) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

Related Solutions

Which script from /etc/init.d/ started the process

An easy way to follow the PPID chain backwards is with the pstree tool:

pstree -p PID

This will show all the parent processes of the specified PID, for example:

$ pstree 42284
-+= 00001 root /sbin/launchd
 \-+= 00199 jack /sbin/launchd
   \-+= 00254 jack /Applications/iTerm.app/Contents/MacOS/iTerm -psn_0_90134
     \-+= 00309 root login -fp jack
       \-+= 00310 jack -bash
         \--= 42284 jack vim site.txt

How to update user/group settings of a running process

Very interesting attempt. Actually, process's supplementary groups (defined in /etc/group) are set by setgroups system call. It requires CAP_SETGID privilege or being root.

So you can do like this:

# id
uid=0(root) gid=0(root) groups=0(root)

# gdb -q id
Reading symbols from id...(no debugging symbols found)...done.
(gdb) b getgroups
Breakpoint 1 at 0x401990
(gdb) run
Starting program: /usr/bin/id 
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".

Breakpoint 1, getgroups () at ../sysdeps/unix/syscall-template.S:81
81  ../sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) call setgroups(5, {1, 2, 3, 4, 5})
$1 = 0
(gdb) d 1
(gdb) c
Continuing.
uid=0(root) gid=0(root) groups=0(root),1(daemon),2(bin),3(sys),4(adm),5(tty)
[Inferior 1 (process 8059) exited normally]
(gdb)

Best Answer

Related Solutions

Which script from /etc/init.d/ started the process

How to update user/group settings of a running process

Related Question