Subject: Re: Running daemon as non-root user from rc.d?
To: None <netbsd-help@netbsd.org>
From: Jukka Salmi <j+nbsd@2006.salmi.ch>
List: netbsd-help
Date: 05/25/2006 22:10:04
Amadeus Stevenson --> netbsd-help (2006-05-25 13:12:58 +0100):
> I was wondering how daemons like apache run as non-root users (www for
> example)?
If apache is run as root initially it drops privileges after startup (see the `User' and `Group' directives). The rc script has nothing to do with this.
> I have a non-pkgsrc rc.d script that contains:
>
> if [ "$who" = root ]
> then
>     su $SQUIDUSER -c "$SQUIDDIR/bin/daemonx $D_OPTIONS -c $SQUIDDIR/etc/daemonx.conf"
> else
>     $SQUIDDIR/bin/daemonx $D_OPTIONS -c $SQUIDDIR/etc/daemonx.conf
> fi
>
> The problem is that $SQUIDUSER has /sbin/nologin as its shell, so su fails.
Try `su -m ...'.
Read /etc/rc.subr and search for `_user' to see how this could be
done correctly.
> In the end this daemon has worker threads which *are* run as
> $SQUIDUSER from squid, and the daemon gets swapped out. Does this mean
> I don't have to worry? The daemonx has no open files (from fstat), nor
> can I "see" it in ps -ax.
>
> Running 'fstat | grep squid' shows a lot of open files
>
> squid squid 22170 13 / 11441 -rw-r--r-- 76201 w
> ...
>
> but also
>
> root squid 18646 wd /usr 304131 drwxr-xr-x 512 r
> root squid 18646 0 / 19964 crw-rw-rw- null rw
> root squid 18646 1 / 19964 crw-rw-rw- null rw
> root squid 18646 2 / 19964 crw-rw-rw- null rw
> root squid 18646 3 / 19964 crw-rw-rw- null rw
> root squid 18646 4* unix dgram c06633c0 <-> c066ca80
>
> Is this from /etc/rc.d when it is loaded as root?
I don't know squid, but this looks as if it would behave as apache
does. BTW: why are you not using the squid rc script from pkgsrc?
HTH, Jukka
--
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
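
An added example, not part of the original message and not code from rc.subr: a small helper showing the `su -m` approach suggested above, with each argument quoted before it is handed to `su -c`. The names `run_as`, `shquote`, `DRY_RUN` and `CALLER_UID` are hypothetical, and `CALLER_UID` exists only so the root branch can be inspected without being root.

```shell
#!/bin/sh
# Illustrative helper (assumed names, not rc.subr code).

# shquote WORD: print WORD single-quoted so it survives one more
# round of shell parsing inside the string passed to `su -c`.
shquote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# run_as USER CMD [ARG...]: run CMD as USER when called by root,
# otherwise run it directly as the calling user.
# DRY_RUN=1 prints the command line instead of executing it.
run_as() {
    _user=$1
    shift
    _cmd=
    for _a in "$@"; do
        _cmd="${_cmd:+$_cmd }$(shquote "$_a")"
    done
    if [ "${CALLER_UID:-$(id -u)}" -eq 0 ]; then
        # -m leaves root's environment and shell in place, so the
        # target account's /sbin/nologin shell is never started.
        set -- su -m "$_user" -c "$_cmd"
    else
        set -- sh -c "$_cmd"
    fi
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}
```

In a script built on rc.subr, the `_user' variables the reply points to are the place to look instead of a hand-written wrapper like this one.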