From: Wayne Marshall
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: Getting a process to run as root
Date: Fri, 27 Apr 2012 13:13:29 +0200
Organization: b0llix.net: un!x for the deranged
Message-ID: <20120427131329.4ebfc294@b0llix.net>
References: <20120425150746.414ef293@b0llix.net> <20120426204920.77c8315d@b0llix.net>
To: Peter Hickman
Cc: supervision@list.skarnet.org

On Fri, 27 Apr 2012 10:18:52 +0100
Peter Hickman wrote:

> Here is the /etc/sv/runsvdir-log_watcher/run file
>
> #!/bin/sh
>
> RUNIT_USER=log_watcher:root:adm
>
> exec 2>&1
> exec chpst -u$RUNIT_USER runsvdir /home/log_watcher/service
>
> I've tried a variety of combinations and values for the -u and
> -U settings to no avail
>
> The program runs but when it attempts to access the log files
> it no longer has permission to do so (just like it was before
> I added the missing groups to the log_watcher user).
>

I see evidence of more than a few problems here. For example,
why would you be using runsvdir in a service definition?

Anyway, it would appear that your basic runit installation and
setup may be a little confused. Hopefully some runit users
here will be able to give you some good suggestions.

BTW, if you should ever decide to give perp a try, you may be
pleased to find you don't have to mess around with any symlink
indirection to install your service. Then I could suggest an
rc.main runscript for your "log_watcher" service that looks
something like this:

#!/bin/sh
# /etc/perp/log_watcher/rc.main
exec 2>&1

TARGET=${1}
SVNAME=${2}

RUNUID="log_watcher"
# Not named GROUPS: where /bin/sh is bash, GROUPS is a special
# variable and assignments to it are silently ignored.
SVGROUPS="log_watcher:adm"

start() {
  echo "starting ${SVNAME}..."
  # drop to the unprivileged account with the listed groups
  exec runuid -S ${SVGROUPS} ${RUNUID} /path/to/log_watcher
}

reset() {
  echo "resetting ${SVNAME}..."
  exit 0
}

eval ${TARGET} "$@"

### EOF

Wayne
http://b0llix.net/perp/
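
Added example (not part of the original message, and not code from runit or perp): a check that a supervised process really ended up with the uid and groups its run script asked for, which is the symptom discussed in this thread. It assumes a Linux /proc/<pid>/status layout; the function name check_creds and the numeric ids in the sample (1001 for log_watcher, 4 for adm) are constructed for illustration.

```sh
#!/bin/sh
# check_creds STATUS_FILE WANT_UID GID...
# STATUS_FILE is a file in Linux /proc/<pid>/status format (assumption).
# Returns 0 when the effective uid equals WANT_UID and every listed gid is
# either the effective gid or in the supplementary group list. Otherwise
# prints the first mismatch and returns 1.
check_creds() {
    status_file=$1
    want_uid=$2
    shift 2
    # Uid:/Gid: lines hold real, effective, saved and filesystem ids;
    # awk field 3 is the effective id.
    euid=$(awk '$1 == "Uid:" { print $3 }' "$status_file")
    egid=$(awk '$1 == "Gid:" { print $3 }' "$status_file")
    supp=$(awk '$1 == "Groups:" { sub(/^Groups:[ \t]*/, ""); print }' "$status_file")
    if [ "$euid" != "$want_uid" ]; then
        echo "euid is $euid, expected $want_uid"
        return 1
    fi
    for want in "$@"; do
        found=no
        for g in $egid $supp; do
            if [ "$g" = "$want" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then
            echo "gid $want not held (egid=$egid supplementary=$supp)"
            return 1
        fi
    done
    echo "ok: euid=$euid egid=$egid supplementary=$supp"
    return 0
}

# Constructed sample: a process running as uid/gid 1001 whose supplementary
# group list is empty, so group 4 (adm in this sample) is missing.
sample=$(mktemp)
printf 'Name:\tlog_watcher\nUid:\t1001\t1001\t1001\t1001\n' > "$sample"
printf 'Gid:\t1001\t1001\t1001\t1001\nGroups:\t\n' >> "$sample"
check_creds "$sample" 1001 1001 4 || echo "supplementary groups were not applied"
rm -f "$sample"
```

Against a live service, pass /proc/<pid>/status of the supervised process and the numeric ids reported by `id -u log_watcher` and `getent group adm`.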