[SOLVED] How to exec as a specific user?

How do I designate the user under which to exec in the run file?
Execute as [user]?
How do I even ask the question?

I looked in the run files of nginx and php-fpm, but these programs apparently su on their own.

For example:
Code:
# cat ../nginx/run 
#!/bin/sh
exec nginx -g 'daemon off;'
This ends up running under the http user, because nginx seems somehow able to designate the user which executes it after it has already been executed... That's a magic causality paradox and I don't know how...

I need to do a thing when boot:
Code:
# cat ../mything/run 
#!/bin/sh
exec /bin/mything --myoptions
...but this ends up running as root. I don't want that. Double-plus ungood. Muh not secures.

I created an isolation user specifically for this service, but I can't find a single word in any of the runit docs about how to make it do.

Systemd(odo) had a specific field for designating the user... I don't know what to do.

Re: How to exec as a specific user?

Reply #1
Dunno how I missed it. Derp.
Quote
Customizing Startup

The final piece of starting a process is controlling its environment: which env vars it sees, the user it runs as, etc. With runit, all of this is handled with the chpst (change process state) helper. If you want to run the memcached daemon as nobody, it’s a slight tweak to the run script:

#!/bin/sh
exec chpst -u nobody /usr/local/bin/memcached -m 64
So easy!
https://www.mikeperham.com/2014/07/07/use-runit/

Re: How to exec as a specific user?

Reply #2
It should be noted that this doesn't 100% work as expected...

While the service is now running under the correct user, instances in the command line which contain "~/" still populate with /root instead of /home/username when executed (as observed in top with the u and c options). The path will have to be explicitly stated.

Re: How to exec as a specific user?

Reply #3
chpst only changes the User ID of the invoked process. The HOME environment variable is not changed; that's why ~ doesn't work as expected. You can set HOME manually, though:

Code:
HOME=/home/user exec chpst -u user program
# now ~ will refer to /home/user.

Another possibility (though less advisable) is using sudo/runuser within the runit script. However, since sudo and runuser stay there while the "main" program runs, runit will not have direct control over the process, which is not an ideal scenario.
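
Added example, not part of any post above: Reply #3's HOME fix gives the program the right environment, but a "~/" written in the run script itself is expanded by the shell before a same-line HOME= prefix applies, which matches what Reply #2 saw in top. The script below compares both forms as dry runs and ends with a run file body; svcuser, /home/svcuser and mything.conf are assumed placeholder names.

```sh
#!/bin/sh
# Added example, not code from the thread. svcuser, /home/svcuser and
# mything.conf are assumed placeholders; /bin/mything --myoptions is the
# stand-in command from the original question.
SVC_USER=svcuser
SVC_HOME=/home/svcuser

# Dry run of the one-line form with a "~/" argument. The shell expands
# ~ before it applies the HOME= prefix, so the path still points at the
# HOME runit was started with, even though the program's environment
# would receive HOME=/home/svcuser.
cmd_prefix_form() (
    HOME=/root; export HOME    # simulate the environment runit provides
    HOME=$SVC_HOME echo chpst -u "$SVC_USER" /bin/mything --myoptions ~/mything.conf
)

# Dry run with HOME exported on its own line first: the ~ in the script
# and the program's environment now agree.
cmd_export_form() (
    HOME=/root; export HOME    # simulate the environment runit provides
    HOME=$SVC_HOME; export HOME
    echo chpst -u "$SVC_USER" /bin/mything --myoptions ~/mything.conf
)

# What the run file does: set HOME, then let chpst drop to the
# service user and exec the program so runit supervises it directly.
start_service() {
    HOME=$SVC_HOME; export HOME
    exec chpst -u "$SVC_USER" /bin/mything --myoptions ~/mything.conf
}

# runit executes this file as ./run; only start the service in that case,
# so the dry-run functions can be tried from any other file name.
case ${0##*/} in
    run) start_service ;;
esac
```

Saved under any name other than run, the file can be sourced and the two dry-run functions called to compare the command lines they print.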