From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/872
Path: news.gmane.org!not-for-mail
From: Thomas Schwinge <schwinge-lists-skarnet.org-supervision@nic-nac-project.de>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: supervised processes controlled by non-root user?
Date: Thu, 15 Sep 2005 14:05:56 +0200
Message-ID: <20050915120556.GA4861@nic-nac-project.de>
References: <4329310A.8060002@robinbowes.com> <20050915093717.4944.qmail@0d59b37f3e46bc.315fe32.mid.smarden.org> <43295EAE.9080903@robinbowes.com>
NNTP-Posting-Host: main.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: sea.gmane.org 1126786176 8885 80.91.229.2 (15 Sep 2005 12:09:36 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Thu, 15 Sep 2005 12:09:36 +0000 (UTC)
Cc: supervision@list.skarnet.org
Original-X-From: supervision-return-1108-gcsg-supervision=m.gmane.org@list.skarnet.org Thu Sep 15 14:09:34 2005
Return-path: <supervision-return-1108-gcsg-supervision=m.gmane.org@list.skarnet.org>
Original-Received: from antah.skarnet.org ([212.85.147.14])
	by ciao.gmane.org with smtp (Exim 4.43)
	id 1EFsWn-0004rm-9a
	for gcsg-supervision@gmane.org; Thu, 15 Sep 2005 14:07:45 +0200
Original-Received: (qmail 15507 invoked by uid 76); 15 Sep 2005 12:08:06 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 15485 invoked from network); 15 Sep 2005 12:06:25 -0000
Original-To: Robin Bowes <robin-lists@robinbowes.com>
Mail-Followup-To: Robin Bowes <robin-lists@robinbowes.com>,
	supervision@list.skarnet.org
Content-Disposition: inline
In-Reply-To: <43295EAE.9080903@robinbowes.com>
User-Agent: Mutt/1.5.9i
X-Virus-Scanned: by amavisd-new-20030616-p10 (Debian) at nic-nac-project.de
X-Provags-ID: kundenserver.de abuse@kundenserver.de login:c9c8b863173b56dc4a0242d71aa058ab
Xref: news.gmane.org gmane.comp.sysutils.supervision.general:872
Archived-At: <http://permalink.gmane.org/gmane.comp.sysutils.supervision.general/872>

On Thu, Sep 15, 2005 at 12:44:46PM +0100, Robin Bowes wrote:
> Presumably this would work even if the service in question uses
> privileged ports as the actual starting and stoping of the service is
> done by the svscan process which is started by svscanboot?

Yes.

> >Or, if the complete service should be owned by the user, see
> > http://article.gmane.org/gmane.comp.sysutils.supervision.general/795
> 
> This is a "nicer" solution. Is this possible with daemontools, or only
> using your runit package?

There once was a web page that described how to set up a service
directory in a user's home directory.
I can't find the URL at the moment, but the procedure was something like
having a service /service/user_service-USER, which has
#v+
exec \
setuidgid USER \
svscan ~USER/service
#v-
... in its run file.


Regards,
 Thomas