Subject: Re: operator shutdowns and su
To: Julio M. Merino Vidal <firstname.lastname@example.org>
From: Hauke Fath <hauke@Espresso.Rhein-Neckar.DE>
Date: 05/13/2006 18:00:48
At 13:12 Uhr +0200 13.5.2006, Julio M. Merino Vidal wrote:
>The mldonkey package in pkgsrc includes a rc.d script that launches
>the mldonkey daemon as an unprivileged user. In order to do that, it
>defines the mldonkey_user variable which makes the rc.subr framework
>call 'su' where appropriate.
>This causes problems if you allow users in the 'operator' group to
>shutdown the machine. When they issue a shutdown, rc.subr will ask
>mldonkey to stop by attempting to 'su' to the mldonkey_user. This
>stalls the shutdown process because 'su' needs a password to continue.
Might be a common pattern for services that run with a distinct userid and
have to explicitely be stopped during system shutdown?
I remember similar issues with a postgresql installation, where the pgsql
shutdown failed because the user (member of group operator) could not su to
the pgsql user in order to stop the database.
"It's never straight up and down" (DEVO)