Re: supervised processes controlled by non-root user?

supervision - discussion about system services, daemon supervision, init, runlevel management, and tools such as s6 and runit
 help / color / mirror / Atom feed

From: Robin Bowes <robin-lists@robinbowes.com>
Subject: Re: supervised processes controlled by non-root user?
Date: Thu, 15 Sep 2005 12:44:46 +0100	[thread overview]
Message-ID: <43295EAE.9080903@robinbowes.com> (raw)
In-Reply-To: <20050915093717.4944.qmail@0d59b37f3e46bc.315fe32.mid.smarden.org>

Gerrit Pape wrote:
> On Thu, Sep 15, 2005 at 09:30:02AM +0100, Robin Bowes wrote:
> 
>>Is it possible to set up services that can be controlled by non-root 
>>users? If so, how?
>>
>>(using daemontools 0.76)
> 
> 
> Add (e.g.)
> 
>  chown <user> ./supervise ./supervise/ok ./supervise/control ./supervise/status
> 
> to the top of the ./run script.  Now <user> can use svc to control the
> service, and svstat query status informations.

Does it need to go in the run script? Or will a one-off "chown -R
./supervise user" do the trick? Tell you what, I'll try it :)

Answer: the one-off command seems to work. ./supervise/status gets
chowned root but has 644 perms so is world-readable. In fact, chown user
./supervise/status in the run file doesn't set the owner of status anyway.

In summary, I did the following:

chown -R uname:group /service/svcname/supervise \
   /service/svcname/log/supervise

The user "uname" can now control the service svcname.

Presumably this would work even if the service in question uses
privileged ports as the actual starting and stoping of the service is
done by the svscan process which is started by svscanboot?

> Or, if the complete service should be owned by the user, see
>  http://article.gmane.org/gmane.comp.sysutils.supervision.general/795

This is a "nicer" solution. Is this possible with daemontools, or only
using your runit package?

Thanks v. much.

R.
-- 
http://robinbowes.com

If a man speaks in a forest,
and his wife's not there,
is he still wrong?

next prev parent reply	other threads:[~2005-09-15 11:44 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2005-09-15  8:30 Robin Bowes
2005-09-15  9:42 ` Gerrit Pape
2005-09-15 11:44   ` Robin Bowes [this message]
2005-09-15 12:05     ` Thomas Schwinge
2005-09-15 12:17       ` Robin Bowes
2005-10-26 10:12 ` tkooda-list-skarnet.org-supervision-dated-60128960.bmlhi
2005-10-30 12:43   ` Robin Bowes

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=43295EAE.9080903@robinbowes.com \
    --to=robin-lists@robinbowes.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).