From: Jonathan de Boyne Pollard <J.deBoynePollard-newsgroups@NTLWorld.COM>
To: supervision@list.skarnet.org
Subject: Re: runit: run process in a tty
Date: Sat, 17 Oct 2020 11:43:32 +0100
Message-ID: <40aba353-c950-5fd7-ab1b-7665c56a7d22@NTLWorld.COM>
In-Reply-To: <20201017003545.6k2vys6psg4izccg@frisbee>

Kian Kasad:
> Unable to open file: /dev/tty2: Operation not permitted.

Operating systems do a whole bunch of stuff when connecting user
programs to terminals, including changing the permissions of the
terminal device file to allow the logged-in user access. If you check
the terminal device file of a terminal where you have actually logged
in, you will find that it is owned by you, and that the device files of
terminals where you have not logged in are owned by the superuser. This
is one of several things that the login process does.

Taking ly's supplied systemd service unit and converting it using the
nosh toolset's convert-systemd-units command
(http://jdebp.uk./Softwares/nosh/guide/commands/convert-systemd-units.xml),
one obtains the following, which demonstrates that there are extra steps
involved and provides at least a pointer to how a "run" script for a
runit service should be constructed.

> % convert-systemd-units --no-systemd-quirks ./ly.service
> convert-systemd-units: WARNING: ./ly.service: Unused setting: [install] alias = display-manager.service
> %
> % system-control print-service-scripts ./ly
> start:#!/bin/nosh
> start:#Start file generated from ./ly.service
> start:true
> stop:#!/bin/nosh
> stop:#Stop file generated from ./ly.service
> stop:true
> run:#!/bin/nosh
> run:#Run file generated from ./ly.service
> run:#TUI display manager
> run:vc-get-tty /dev/tty2
> run:open-controlling-tty --revoke
> run:vc-reset-tty --hard-reset
> run:/usr/bin/ly
> restart:#!/bin/sh
> restart:#Restart file generated from ./ly.service
> restart:exec true # ignore script arguments
> %

Notice how the service invokes the open-controlling-tty program
(http://jdebp.uk./Softwares/nosh/guide/commands/open-controlling-tty.xml)
to open the terminal device file as standard I/O and to make it the
service's controlling terminal. It knows what terminal device because
that has been set up by the vc-get-tty program
(http://jdebp.uk./Softwares/nosh/guide/commands/vc-get-tty.xml) which
was passed the name "/dev/tty2".

Notice also how the service runs the "ly" program as the superuser. It
does not drop privileges by switching to an unprivileged account.

Furthermore, notice that there are two separate places where one tells
"ly" what terminal to use: in the service definition, as here, and in
the program's own configuration file.
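
The following C example is added here; it is not part of the original message and is not the nosh toolset's source. It shows the Linux system calls behind opening a terminal device as standard I/O and making it the controlling terminal, which is the job the message attributes to open-controlling-tty. The function names and the pseudo-terminal standing in for /dev/tty2 are assumptions, and the --revoke step is not covered.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Become a session leader, open `path`, make it the controlling terminal and
 * standard I/O of the calling process. Returns 0 on success, -1 on failure. */
static int open_controlling_tty(const char *path)
{
    if (setsid() < 0) return -1;             /* new session: no controlling tty yet */
    int fd = open(path, O_RDWR | O_NOCTTY);  /* fails if the device file is not accessible */
    if (fd < 0) return -1;
    if (!isatty(fd) || ioctl(fd, TIOCSCTTY, 0) < 0) { close(fd); return -1; }
    for (int i = 0; i < 3; i++)
        if (dup2(fd, i) < 0) return -1;
    if (fd > 2) close(fd);
    return 0;
}

/* Run the sequence in a forked child (setsid() is refused for a process-group
 * leader). Returns 0 = terminal acquired, 1 = acquisition failed,
 * 2 = not our session's terminal afterwards, -1 = fork/wait error. */
int try_in_child(const char *path)
{
    pid_t pid = fork(), sid = -1;
    if (pid < 0) return -1;
    if (pid == 0) {
        if (open_controlling_tty(path) < 0) _exit(1);
        /* TIOCGSID only succeeds on the caller's own controlling terminal. */
        _exit(ioctl(0, TIOCGSID, &sid) == 0 && sid == getpid() ? 0 : 2);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Constructed fixture: a Linux pseudo-terminal stands in for /dev/tty2 so the
 * code runs without a virtual console. Returns -1 if no pty can be allocated. */
int demo_on_pty(void)
{
    char slave[32];
    unsigned int n;
    int unlock = 0, m = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (m < 0 || ioctl(m, TIOCSPTLCK, &unlock) < 0 || ioctl(m, TIOCGPTN, &n) < 0) return -1;
    snprintf(slave, sizeof slave, "/dev/pts/%u", n);
    int r = try_in_child(slave);
    close(m);
    return r;
}
int main(int argc, char **argv) { return argc > 1 ? try_in_child(argv[1]) : demo_on_pty(); }
```

Given a device path as its argument, the program exits 1 when the open or the TIOCSCTTY request is refused, for example on a terminal device file that the caller does not own.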