What’s the recommended way to run a service as a non-root user?

Tags: exec, init-script, services

I have a simple init.d script which starts and stops a process. I call the init.d as root, but I'd like the process it controls to run as a specific user.

The most common suggestion online seems to be to do

su myuser -c "my_process args"

However, this creates a second process space, new shell etc. and is somewhat inelegant.

I'd prefer to use exec(), since it replaces the shell, but this doesn't take a user as argument. Is this a case where I should use setuid() first? What about setting the gid? Are there any gotchas to be aware of?

Alternatively, are there distro-specific solutions to running the init.d as a different user? My environment is CentOS 6.4.

Best Answer

It depends on the distribution, but RHEL-based distros use a Bash function called daemon, sourced from /etc/rc.d/init.d/functions, which is itself just a wrapper around the runuser command. From what I can tell in the source files, it's functionally identical to su in most cases; it just doesn't go through PAM (probably to avoid some chicken-and-egg problems in certain cases).

That's not really going to answer your objections, but it's how services do it. The cleanliness and overall conformity to logic that you're wanting is part of the motivation for things like systemd.
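
The setuid()/setgid() route the question asks about, as an added example (not code from the question, the answer, or the CentOS init scripts): a hypothetical `runas` wrapper whose `drop_privileges` helper sets supplementary groups, then the gid, then the uid while still root, checks that root cannot be regained, and only then calls exec. The names `runas` and `drop_privileges` are assumptions made for this example.

```c
/* Added example: drop root privileges, then exec the service in place. */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Switch the calling process to uid/gid. Returns 0 on success, -1 on failure.
 * Order matters: groups and gid must change while the process is still root,
 * because after setuid() it no longer has the right to change them. */
int drop_privileges(const char *user, uid_t uid, gid_t gid)
{
    if (geteuid() != 0)   /* not root: acceptable only if already the target */
        return (getuid() == uid && getgid() == gid) ? 0 : -1;

    if (initgroups(user, gid) != 0) return -1; /* discard root's supplementary groups */
    if (setgid(gid) != 0)           return -1; /* real, effective and saved gid */
    if (setuid(uid) != 0)           return -1; /* real, effective and saved uid */

    /* The drop must be permanent: any attempt to regain root has to fail. */
    if (uid != 0 && (setuid(0) == 0 || seteuid(0) == 0))
        return -1;
    return (getuid() == uid && geteuid() == uid &&
            getgid() == gid && getegid() == gid) ? 0 : -1;
}

/* Usage (hypothetical wrapper): ./runas USER PROGRAM [ARGS...] */
int main(int argc, char **argv)
{
    if (argc < 3) {
        fprintf(stderr, "usage: %s user program [args...]\n", argv[0]);
        return 2;
    }
    struct passwd *pw = getpwnam(argv[1]);
    if (pw == NULL) {
        fprintf(stderr, "unknown user: %s\n", argv[1]);
        return 1;
    }
    /* Leave root's working directory before giving up root. */
    if (chdir("/") != 0 || drop_privileges(pw->pw_name, pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "could not drop privileges to %s\n", argv[1]);
        return 1;
    }
    execvp(argv[2], &argv[2]); /* replaces this process; no intermediate shell */
    perror("execvp");          /* reached only if exec itself failed */
    return 127;
}
```

Checking every return value is the main gotcha: a setuid() that fails silently leaves the service running as root.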
