* supervised processes controlled by non-root user?
@ 2005-09-15 8:30 Robin Bowes
2005-09-15 9:42 ` Gerrit Pape
2005-10-26 10:12 ` tkooda-list-skarnet.org-supervision-dated-60128960.bmlhi
0 siblings, 2 replies; 7+ messages in thread
From: Robin Bowes @ 2005-09-15 8:30 UTC (permalink / raw)
Hi,
Is it possible to set up services that can be controlled by non-root
users? If so, how?
(using daemontools 0.76)
Thanks,
R.
--
http://robinbowes.com
If a man speaks in a forest,
and his wife's not there,
is he still wrong?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: supervised processes controlled by non-root user?
2005-09-15 8:30 supervised processes controlled by non-root user? Robin Bowes
@ 2005-09-15 9:42 ` Gerrit Pape
2005-09-15 11:44 ` Robin Bowes
2005-10-26 10:12 ` tkooda-list-skarnet.org-supervision-dated-60128960.bmlhi
1 sibling, 1 reply; 7+ messages in thread
From: Gerrit Pape @ 2005-09-15 9:42 UTC (permalink / raw)
On Thu, Sep 15, 2005 at 09:30:02AM +0100, Robin Bowes wrote:
> Is it possible to set up services that can be controlled by non-root
> users? If so, how?
>
> (using daemontools 0.76)
Add (e.g.)
chown <user> ./supervise ./supervise/ok ./supervise/control ./supervise/status
to the top of the ./run script. Now <user> can use svc to control the
service, and svstat query status informations.
Or, if the complete service should be owned by the user, see
http://article.gmane.org/gmane.comp.sysutils.supervision.general/795
Regards, Gerrit.
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: supervised processes controlled by non-root user?
2005-09-15 9:42 ` Gerrit Pape
@ 2005-09-15 11:44 ` Robin Bowes
2005-09-15 12:05 ` Thomas Schwinge
0 siblings, 1 reply; 7+ messages in thread
From: Robin Bowes @ 2005-09-15 11:44 UTC (permalink / raw)
Gerrit Pape wrote:
> On Thu, Sep 15, 2005 at 09:30:02AM +0100, Robin Bowes wrote:
>
>>Is it possible to set up services that can be controlled by non-root
>>users? If so, how?
>>
>>(using daemontools 0.76)
>
>
> Add (e.g.)
>
> chown <user> ./supervise ./supervise/ok ./supervise/control ./supervise/status
>
> to the top of the ./run script. Now <user> can use svc to control the
> service, and svstat query status informations.
Does it need to go in the run script? Or will a one-off "chown -R
./supervise user" do the trick? Tell you what, I'll try it :)
Answer: the one-off command seems to work. ./supervise/status gets
chowned root but has 644 perms so is world-readable. In fact, chown user
./supervise/status in the run file doesn't set the owner of status anyway.
In summary, I did the following:
chown -R uname:group /service/svcname/supervise \
/service/svcname/log/supervise
The user "uname" can now control the service svcname.
Presumably this would work even if the service in question uses
privileged ports as the actual starting and stoping of the service is
done by the svscan process which is started by svscanboot?
> Or, if the complete service should be owned by the user, see
> http://article.gmane.org/gmane.comp.sysutils.supervision.general/795
This is a "nicer" solution. Is this possible with daemontools, or only
using your runit package?
Thanks v. much.
R.
--
http://robinbowes.com
If a man speaks in a forest,
and his wife's not there,
is he still wrong?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: supervised processes controlled by non-root user?
2005-09-15 11:44 ` Robin Bowes
@ 2005-09-15 12:05 ` Thomas Schwinge
2005-09-15 12:17 ` Robin Bowes
0 siblings, 1 reply; 7+ messages in thread
From: Thomas Schwinge @ 2005-09-15 12:05 UTC (permalink / raw)
Cc: supervision
On Thu, Sep 15, 2005 at 12:44:46PM +0100, Robin Bowes wrote:
> Presumably this would work even if the service in question uses
> privileged ports as the actual starting and stoping of the service is
> done by the svscan process which is started by svscanboot?
Yes.
> >Or, if the complete service should be owned by the user, see
> > http://article.gmane.org/gmane.comp.sysutils.supervision.general/795
>
> This is a "nicer" solution. Is this possible with daemontools, or only
> using your runit package?
There once was a web page that described how to set up a service
directory in a user's home directory.
I can't find the URL at the moment, but the procedure was something like
having a service /service/user_service-USER, which has
#v+
exec \
setuidgid USER \
svscan ~USER/service
#v-
... in its run file.
Regards,
Thomas
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: supervised processes controlled by non-root user?
2005-09-15 12:05 ` Thomas Schwinge
@ 2005-09-15 12:17 ` Robin Bowes
0 siblings, 0 replies; 7+ messages in thread
From: Robin Bowes @ 2005-09-15 12:17 UTC (permalink / raw)
Thomas Schwinge wrote:
>On Thu, Sep 15, 2005 at 12:44:46PM +0100, Robin Bowes wrote:
>
>
>>>Or, if the complete service should be owned by the user, see
>>>http://article.gmane.org/gmane.comp.sysutils.supervision.general/795
>>>
>>>
>>This is a "nicer" solution. Is this possible with daemontools, or only
>>using your runit package?
>>
>>
>
>There once was a web page that described how to set up a service
>directory in a user's home directory.
>I can't find the URL at the moment, but the procedure was something like
>having a service /service/user_service-USER, which has
>#v+
>exec \
>setuidgid USER \
>svscan ~USER/service
>#v-
>... in its run file.
>
>
Thomas,
If you find the link please let me know.
Also, what are the #v+ and #v- lines in the snippet above?
Thanks,
R.
--
http://robinbowes.com
If a man speaks in a forest,
and his wife's not there,
is he still wrong?
^ permalink raw reply [flat|nested] 7+ messages in thread
* Re: supervised processes controlled by non-root user?
2005-09-15 8:30 supervised processes controlled by non-root user? Robin Bowes
2005-09-15 9:42 ` Gerrit Pape
@ 2005-10-26 10:12 ` tkooda-list-skarnet.org-supervision-dated-60128960.bmlhi
2005-10-30 12:43 ` Robin Bowes
1 sibling, 1 reply; 7+ messages in thread
From: tkooda-list-skarnet.org-supervision-dated-60128960.bmlhi @ 2005-10-26 10:12 UTC (permalink / raw)
On Thu, 15 Sep 2005, Robin Bowes wrote:
> Is it possible to set up services that can be controlled by non-root
> users? If so, how?
>
> (using daemontools 0.76)
I supervise another copy of svscan for each user so they can
add/delete/control their own services:
http://devsec.org/info/superviseuser.html
(the same could be done using runit instead of daemontools)
--
Thor Kooda
^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2005-10-30 12:43 UTC | newest]
Thread overview: 7+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-09-15 8:30 supervised processes controlled by non-root user? Robin Bowes
2005-09-15 9:42 ` Gerrit Pape
2005-09-15 11:44 ` Robin Bowes
2005-09-15 12:05 ` Thomas Schwinge
2005-09-15 12:17 ` Robin Bowes
2005-10-26 10:12 ` tkooda-list-skarnet.org-supervision-dated-60128960.bmlhi
2005-10-30 12:43 ` Robin Bowes
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).