Subject: Re: Running daemon as non-root user from rc.d?
To: None <netbsd-help@netbsd.org>
From: Jukka Salmi <j+nbsd@2006.salmi.ch>
List: netbsd-help
Date: 05/25/2006 22:10:04
Amadeus Stevenson --> netbsd-help (2006-05-25 13:12:58 +0100):
> I was wondering how daemons like apache run as non-root users (www for 
> example)?

If apache is run as root initially it drops privileges after startup (see the `User' and `Group' directives). The rc script has nothing to do with this.


> I have a non-pkgsrc rc.d script that contains:
> 
>                if [ "$who" = root ]
>                then
>                   su $SQUIDUSER -c "$SQUIDDIR/bin/daemonx $D_OPTIONS -c $SQUIDDIR/etc/daemonx.conf"
>                else
>                   $SQUIDDIR/bin/daemonx $D_OPTIONS -c $SQUIDDIR/etc/daemonx.conf
>                fi
> 
> The problem is that $SQUIDUSER has /sbin/nologin as its shell, so su fails.

Try `su -m ...'.

Read /etc/rc.subr and search for `_user' to see how this could be
done correctly.


> In the end this daemon has worker threads which *are* run as
> $SQUIDUSER from squid, and the daemon gets swapped out. Does this mean
> I don't have to worry? The daemonx has no open files (from fstat), nor
> can I "see" it in ps -ax.
> 
> Running 'fstat | grep squid' shows a lot of open files
> 
> squid    squid      22170   13 /          11441 -rw-r--r--   76201 w
> ...
> 
> but also
> 
> root     squid      18646   wd /usr      304131 drwxr-xr-x     512 r
> root     squid      18646    0 /          19964 crw-rw-rw-    null rw
> root     squid      18646    1 /          19964 crw-rw-rw-    null rw
> root     squid      18646    2 /          19964 crw-rw-rw-    null rw
> root     squid      18646    3 /          19964 crw-rw-rw-    null rw
> root     squid      18646    4* unix dgram c06633c0 <-> c066ca80
> 
> Is this from /etc/rc.d when it is loaded as root?

I don't know squid, but this looks as if it would behave as apache
does. BTW: why are you not using the squid rc script from pkgsrc?


HTH, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
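
Added example, not part of the original message: a small shell check that summarises, from `fstat` output, which user owns each process of a daemon, so a root-owned parent next to workers running as the service user (the pattern the reply compares to apache) is visible at a glance. The function names `sample_fstat`, `procs_by_user` and `root_pids` are hypothetical, and the header line in the sample is constructed; the data lines are the ones quoted in the post.

```shell
#!/bin/sh
# Added example: list the owner of every process of a daemon using the
# first three fstat columns (USER CMD PID).

# Sample input: the fstat lines quoted in the post. The header line is
# constructed here to label the columns.
sample_fstat() {
cat <<'EOF'
USER     CMD          PID   FD MOUNT      INUM MODE         SZ|DV R/W
squid    squid      22170   13 /          11441 -rw-r--r--   76201 w
root     squid      18646   wd /usr      304131 drwxr-xr-x     512 r
root     squid      18646    0 /          19964 crw-rw-rw-    null rw
root     squid      18646    1 /          19964 crw-rw-rw-    null rw
root     squid      18646    2 /          19964 crw-rw-rw-    null rw
root     squid      18646    3 /          19964 crw-rw-rw-    null rw
root     squid      18646    4* unix dgram c06633c0 <-> c066ca80
EOF
}

# procs_by_user CMD: read fstat output on stdin and print one line per
# process of CMD as "user pid entries", sorted by pid.
procs_by_user() {
    awk -v cmd="$1" '
        $1 == "USER" && $2 == "CMD" { next }   # skip the header if present
        $2 == cmd { n[$1 " " $3]++ }           # count entries per user+pid
        END { for (k in n) print k, n[k] }
    ' | sort -k2,2n
}

# root_pids CMD: print only the pids of CMD that are still owned by root.
root_pids() {
    procs_by_user "$1" | awk '$1 == "root" { print $2 }'
}

# On a live system: fstat | procs_by_user squid
sample_fstat | procs_by_user squid
```

A root-owned pid in this list is expected for a daemon that starts as root and drops privileges in its workers; what deserves a closer look is a worker pid that stays root.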