[Novalug] init.d scripts for running as non-root

John Holland jbholland@gmail.com
Thu Apr 28 16:26:51 EDT 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been working on setting this up - we are using
a product (JON) that runs as a JBoss server and it supplies a
script to be used in /etc/init.d. Actually there is also an accompanying
product RHQ-Agent which also supplies a script.

I want it to run as a service but not as root. The way httpd and many
other services do.

The scripts are somewhat involved. My first attack was to just modify
the parts of the script that did anything to run the program or touch
the filesystem eg create ".pid" files. For the one product that worked.

The other one (JON) was not working with this approach. I reached a
point where I was going to have a script that was called from within the
init.d script. At that point I decided why not make my own init.d script
that just calls theirs via su?

So that seems to be working. Actually their one script was more amenable
to this than the other so I have one of each type now.

Does anyone see any pitfalls with this? I'm looking out for any files or
resources that it will need permissions on and making them owned by the
process user.  Or is there a simpler way?

I did find the "daemon" routine in /etc/init.d/functions but I didn't
really see how to use it.

John
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNuc2LAAoJEKaH5XjsiQW+DagH/iTFkZkSuc2i3Zot7a9QAg/D
uXiztKBXuqrwVj8RCxBctWfzaixW7WoS0Rj4dQ0n/3fOVmmmsOSbzCNsBlL7bTgk
2PWJPdb2bYjosIdERMUYbesYsWJxPwkf4IWhmeZkAnCl/pkPrjTN/sLUECHOSwse
48QftwYfP7DCXkEOQuvw3ublMb6m4q9wGEHQhcs2+xJ7xsi3bhXDxXYtdomrXosz
sNbTzo4Zls6elntblwItR+d582hRZOlqtmRrh/ObbrbBO5dKDl76OW7VctQxRkZc
GoYwmJXOW5sbYjmZ9ddUsHwJUhkT5+PFvlxLNyrJQ0TSLOuhb/+r/fJERpuVAvw=
=h5GF
-----END PGP SIGNATURE-----



More information about the Novalug mailing list