[Gllug] Unprivileged Init Script
Kostas Georgiou
k.georgiou at imperial.ac.uk
Wed Mar 12 16:37:48 UTC 2008
On Wed, Mar 12, 2008 at 04:04:55PM +0000, - Tethys wrote:
> On Wed, Mar 12, 2008 at 3:47 PM, Stephen Nelson-Smith
> <sanelson at gmail.com> wrote:
>
> > I wish to run a service as an unprivileged user. I have an init
> > script. I'm running a mixture of RHEL 3 and RHEL 5. What's the
> > recommended way to get the unprivileged user to start the service via
> > the init script?
>
> su(1)
Have a look at the other scripts in /etc/rc.d/init.d for examples
but here is more or less what you need:
# Source function library.
. /etc/rc.d/init.d/functions
start()
{
....
daemon --user=auser abinary $OPTIONS
...
}
Note that daemon uses runuser(1) and not su(1) (runuser has it's own
pam configuration unlike su so it's not affected by the default pam
config that doesn't allow you to su to locked accounts etc. in recent
versions).
Cheers,
Kostas
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list