Date: Wed, 06 Feb 2008 17:09:50 +0000 From: Alex Zbyslaw <xfb52@dial.pipex.com> To: Zbigniew Szalbot <zszalbot@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: /usr/local/etc/rc.d/ scripts and non-root user Message-ID: <47A9E9DE.2060503@dial.pipex.com> In-Reply-To: <94136a2c0802060849o1dfb3f6ek67d7d41db5d99102@mail.gmail.com> References: <94136a2c0802060751o7952c2f8w639139271c946e98@mail.gmail.com> <47A9E373.80300@dial.pipex.com> <94136a2c0802060849o1dfb3f6ek67d7d41db5d99102@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Zbigniew Szalbot wrote:
>Thank you. I realized this was the case before I wrote previous
>message. The thing is the real file is owned by user api. However,
>when the application is started following a reboot, its logs are
>created by user root, whereas when I start it by hand as user api, its
>logs are owned by user api. So it once caused me a problem because the
>existing log file was owned by root and I stopped then started this
>particular software by hand as user api. Needless to say, it panicked
>about not being able to log what it was doing.
>
>I wonder that indeed a better solution may be to use cron for
>automatic startups, which Lowell rightly pointed out to me. I just
>loved the simplicity of symlinking sh scripts against
>/usr/local/etc/rc.d/ :)
>
>
I personally much prefer scripts in rc.d because it's much easier to
migrate than crontabs, and if I never use a crontab I always know where
to look.
It looks to me like you shouldn't be starting the demon as user api -
startups scripts should always be started as root. If the demon or
whatever is supposed to run as api not root, then perhaps your script
should say e.g.
su api -c the-path-to-the-demon-or-whatever
root can su to whoever without a password, and api can su to api without
a password, and everyone else gets prompted.
--Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47A9E9DE.2060503>