From: Robin Bowes <robin-lists@robinbowes.com>
Subject: Re: supervised processes controlled by non-root user?
Date: Thu, 15 Sep 2005 12:44:46 +0100 [thread overview]
Message-ID: <43295EAE.9080903@robinbowes.com> (raw)
In-Reply-To: <20050915093717.4944.qmail@0d59b37f3e46bc.315fe32.mid.smarden.org>
Gerrit Pape wrote:
> On Thu, Sep 15, 2005 at 09:30:02AM +0100, Robin Bowes wrote:
>
>>Is it possible to set up services that can be controlled by non-root
>>users? If so, how?
>>
>>(using daemontools 0.76)
>
>
> Add (e.g.)
>
> chown <user> ./supervise ./supervise/ok ./supervise/control ./supervise/status
>
> to the top of the ./run script. Now <user> can use svc to control the
> service, and svstat query status informations.
Does it need to go in the run script? Or will a one-off "chown -R
./supervise user" do the trick? Tell you what, I'll try it :)
Answer: the one-off command seems to work. ./supervise/status gets
chowned root but has 644 perms so is world-readable. In fact, chown user
./supervise/status in the run file doesn't set the owner of status anyway.
In summary, I did the following:
chown -R uname:group /service/svcname/supervise \
/service/svcname/log/supervise
The user "uname" can now control the service svcname.
Presumably this would work even if the service in question uses
privileged ports as the actual starting and stoping of the service is
done by the svscan process which is started by svscanboot?
> Or, if the complete service should be owned by the user, see
> http://article.gmane.org/gmane.comp.sysutils.supervision.general/795
This is a "nicer" solution. Is this possible with daemontools, or only
using your runit package?
Thanks v. much.
R.
--
http://robinbowes.com
If a man speaks in a forest,
and his wife's not there,
is he still wrong?
next prev parent reply other threads:[~2005-09-15 11:44 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-09-15 8:30 Robin Bowes
2005-09-15 9:42 ` Gerrit Pape
2005-09-15 11:44 ` Robin Bowes [this message]
2005-09-15 12:05 ` Thomas Schwinge
2005-09-15 12:17 ` Robin Bowes
2005-10-26 10:12 ` tkooda-list-skarnet.org-supervision-dated-60128960.bmlhi
2005-10-30 12:43 ` Robin Bowes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=43295EAE.9080903@robinbowes.com \
--to=robin-lists@robinbowes.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).