How do I designate the user under which to exec in the run file?
Execute as [user]?
How do I even ask the question?
I looked in the run files of nginx and php-fpm, but these programs apparently su on their own.
For example:
# cat ../nginx/run
#!/bin/sh
exec nginx -g 'daemon off;'
This ends up running under the http user, because nginx seems somehow able to designate the user which executes it after it has already been executed... That's a magic causality paradox and I don't know how...
I need to do a thing at boot:
# cat ../mything/run
#!/bin/sh
exec /bin/mything --myoptions
...but this ends up running as root. I don't want that. Double-plus ungood. Muh not secures.
I created an isolation user specifically for this service, but I can't find a single word in any of the runit docs about how to make it do.
Systemd(odo) had a specific field for designating the user... I don't know what to do.
Dunno how I missed it. Derp.
https://www.mikeperham.com/2014/07/07/use-runit/
It should be noted that this doesn't 100% work as expected...
While the service is now running under the correct user, instances in the command line which contain "~/" still populate with /root instead of /home/username when executed (as observed from top with the u and c options). The path will have to be explicitly stated.
chpst only changes the User ID of the invoked process. The HOME environment variable is not changed; that's why ~ doesn't work as expected. You can set HOME manually, though:
HOME=/home/user exec chpst -u user program
# now ~ will refer to /home/user.
Another possibility (though less advisable) is using sudo/runuser within the runit script. However, since sudo and runuser stay there while the "main" program runs, runit will not have direct control over the process, which is not an ideal scenario.
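Putting the above together, here is an added example (not posted by anyone in this thread) of generating a complete runit run script that drops privileges with chpst and exports the service user's real HOME, looked up from passwd(5) data rather than hardcoded. The user name mything, the group mything and the binary /bin/mything are assumed placeholders; the passwd lines are constructed sample data.

```shell
#!/bin/sh
# Added example, not from the thread. chpst -u only changes the UID/GID of the
# exec'd process and leaves HOME untouched (so "~" still means /root), hence the
# run script must export HOME itself. Names below are assumed placeholders.

# Constructed passwd(5)-style sample; a real script would read /etc/passwd.
PASSWD_SAMPLE='root:x:0:0:root:/root:/bin/sh
mything:x:1001:1001:mything service:/home/mything:/sbin/nologin'

# Resolve a user's home directory from passwd-formatted text.
# $1 = user name, $2 = passwd text (defaults to the contents of /etc/passwd).
# Prints nothing if the user is unknown, so callers can detect a typo.
user_home() {
    _user=$1
    _passwd=${2:-$(cat /etc/passwd)}
    printf '%s\n' "$_passwd" | awk -F: -v u="$_user" '$1 == u { print $6; exit }'
}

# Print a runit run script body.
# $1 = user, $2 = group, $3 = home dir, remaining args = command line.
# "exec 2>&1" sends stderr to the service's svlogd log alongside stdout.
render_run() {
    _user=$1 _group=$2 _home=$3
    shift 3
    printf '%s\n' '#!/bin/sh' \
        'exec 2>&1' \
        "export HOME=$_home" \
        "exec chpst -u $_user:$_group $*"
}

# Demo: build the run script for the "mything" service from the sample data.
demo_run_script() {
    _home=$(user_home mything "$PASSWD_SAMPLE")
    [ -n "$_home" ] || { echo "unknown user mything" >&2; return 1; }
    render_run mything mything "$_home" /bin/mything --myoptions
}

demo_run_script
```

The generated text is what would go in ../mything/run; chpst and a real user are only needed when runit actually starts the service.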