Date: Sun, 27 Apr 2008 09:08:10 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Walter Venable <weaseal@gmail.com>
Cc: freebsd-ports@freebsd.org
Subject: Re: Building new port, don't want to run as root
Message-ID: <4814346A.5040207@infracaninophile.co.uk>
In-Reply-To: <48132E31.8080204@gmail.com>
References: <48132E31.8080204@gmail.com>

Walter Venable wrote:
> Hi all, I'm working on a patch to upgrade a port I maintain, however the
> new version (smartly) refuses to be run by root.  I fished through the
> Porter's Handbook a bit but was unable to find anything in particular on
> running the port as another user.  Can anyone point me in the right
> direction?  Thanks...

I take it you're talking about a daemon process and you want to have the
rc.subr scripts start it as another user than root?  That's fairly simple.

To make rc.subr start a process using a different UserID, all you need to
do is define variables

    name=foo           # standard rc script thing to set up the namespace
    foo_user=someone
    foo_group=somegroup

in the rc script (where 'foo' is typically your program name).  You should
use a fixed username and group from /usr/ports/UIDs or /usr/ports/GIDs --
unless there is already something suitable in that file, just grab a UID
and GID number no one else is already using and send in patches to UIDs
and GIDs along with the rest of your maintainer update.

For a long running process, you'll also probably need to make arrangements
for the process to write a pid file.  If it is started as non-root then
it won't be able to write a file into /var/run -- one solution is to create
a sub-dir owned and writable by the user the script runs as.  Similar
considerations also apply to writing log files into /var/log.

Take a look at textproc/sphinxsearch for an example.

	Cheers,

	Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard
Flat 3
Ramsgate
Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
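
The setup described in the reply above, written out as an rc.d script. This is an added example, not part of the original message and not taken from any port. The daemon name `foo`, its install path, its `--pidfile` and `--log` options, and the `foo_rundir`/`foo_logdir` variables are hypothetical, and the `/etc/rc.subr` guard is there only so the file can be sourced on systems without rc.subr.

```shell
#!/bin/sh
# PROVIDE: foo
# REQUIRE: DAEMON
# KEYWORD: shutdown
#
# Added example: rc.d script for a hypothetical daemon "foo" that refuses
# to run as root. All foo-specific names, paths and options are assumptions.

name=foo
rcvar=foo_enable

# rc.subr evaluates start_precmd in the rc script's own context (root);
# only ${command} is started as foo_user. Use that to give the daemon
# private run and log directories it owns, instead of making /var/run or
# /var/log writable by it.
foo_prestart()
{
    for _dir in "${foo_rundir}" "${foo_logdir}"; do
        install -d -o "${foo_user}" -g "${foo_group}" -m 0750 "${_dir}" \
            || return 1
    done
}

# rc.subr exists only on FreeBSD; a real port script sources it
# unconditionally at the top.
if [ -r /etc/rc.subr ]; then
    . /etc/rc.subr
    load_rc_config "${name}"

    : "${foo_enable:=NO}"
    : "${foo_user:=foo}"     # fixed name, registered in /usr/ports/UIDs
    : "${foo_group:=foo}"    # fixed name, registered in /usr/ports/GIDs
    : "${foo_rundir:=/var/run/${name}}"
    : "${foo_logdir:=/var/log/${name}}"

    pidfile="${foo_rundir}/${name}.pid"
    command="/usr/local/sbin/${name}"
    command_args="--pidfile ${pidfile} --log ${foo_logdir}/${name}.log"
    start_precmd=foo_prestart

    run_rc_command "$1"
fi
```
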