From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.comp.sysutils.supervision.general/639
Path: main.gmane.org!not-for-mail
From: Ian Stokes-Rees <i.stokes-rees1@physics.ox.ac.uk>
Newsgroups: gmane.comp.sysutils.supervision.general
Subject: Re: Invoking runsvctrl as non-root
Date: Wed, 01 Dec 2004 09:03:17 +0000
Message-ID: <41AD88D5.8040504@physics.ox.ac.uk>
References: <1101863206.3060.236.camel@localhost.localdomain> <pan.2004.12.01.03.03.08.397958@spamcop.net>
NNTP-Posting-Host: deer.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
X-Trace: sea.gmane.org 1101891655 26442 80.91.229.6 (1 Dec 2004 09:00:55 GMT)
X-Complaints-To: usenet@sea.gmane.org
NNTP-Posting-Date: Wed, 1 Dec 2004 09:00:55 +0000 (UTC)
Cc: supervision@list.skarnet.org
Original-X-From: supervision-return-878-gcsg-supervision=m.gmane.org@list.skarnet.org Wed Dec 01 10:00:51 2004
Return-path: <supervision-return-878-gcsg-supervision=m.gmane.org@list.skarnet.org>
Original-Received: from antah.skarnet.org ([212.85.147.14] ident=qmailr)
	by deer.gmane.org with smtp (Exim 3.35 #1 (Debian))
	id 1CZQLy-0000mE-00
	for <gcsg-supervision@gmane.org>; Wed, 01 Dec 2004 10:00:50 +0100
Original-Received: (qmail 15455 invoked by uid 76); 1 Dec 2004 09:01:11 -0000
Mailing-List: contact supervision-help@list.skarnet.org; run by ezmlm
List-Post: <mailto:supervision@list.skarnet.org>
List-Help: <mailto:supervision-help@list.skarnet.org>
List-Unsubscribe: <mailto:supervision-unsubscribe@list.skarnet.org>
List-Subscribe: <mailto:supervision-subscribe@list.skarnet.org>
List-Archive: <http://www.skarnet.org/lists/>
Original-Received: (qmail 15449 invoked from network); 1 Dec 2004 09:01:11 -0000
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.2) Gecko/20040803
X-Accept-Language: en-us, en
Original-To: Charles Duffy <cduffy@spamcop.net>
In-Reply-To: <pan.2004.12.01.03.03.08.397958@spamcop.net>
Xref: main.gmane.org gmane.comp.sysutils.supervision.general:639
X-Report-Spam: http://spam.gmane.org/gmane.comp.sysutils.supervision.general:639

Hi,

Charles Duffy wrote:
>>I'm running into a permissions issue trying to invoke runsvctrl as a
>>non-root user
> 
> As the message implies, you need to give some permissions to the
> user you want to allow runsvctrl and runsvstat -- most particularly, write
> access to the socket ./supervise/control and read access to ./supervise/ok
> and ./supervise/status.

Put another way, I have seen this happen when I start a service as root, 
which then creates directories, files and sockets which *only* root can 
read and write, and then I want to control that same service with a 
non-root user.  I think this actually goes for *any* change between the 
first user to invoke runit commands on a service and subsequent users.

The trick is to manually change the access permissions, so other users 
can access the service.  Make sure they are the users you want to be 
able to access the service!  I am pretty sure those permissions will 
stick and runit won't overwrite them, unless the 
directories/files/sockets are deleted and re-created.  UMASK might come 
into play here, but I'm not sure.

HTH,

Ian.
-- 
Ian Stokes-Rees              i.stokes-rees@physics.ox.ac.uk
Particle Physics, Oxford     http://grid.physics.ox.ac.uk/~stokes