Making local per user services

Topic: Making local per user services (Read 1207 times) previous topic - next topic

0 Members and 2 Guests are viewing this topic.

Making local per user services

06 September 2020, 13:42:59

How could one make a local service scan dir for a local user that that user could manage and put his own run files etc..., all of course, with no root permissions (exept for setting it up maybe)?

Re: Making local per user services

Reply #1 – 06 September 2020, 17:49:03

Which init? Can you provide an example?

Re: Making local per user services

Reply #2 – 06 September 2020, 18:14:22

Quote from: nous – on 06 September 2020, 17:49:03

Which init? Can you provide an example?

I used to have this in runit, basicaly a directory in /home/user/services (or whatever) that functioned like /var/service, the default sv directory for runit in void linux.
This service was first created by making a service to start another service for watching my user directory.
How could this be done in s6? So i could do like s6-rc -u change servicename as a local user, with it being in /home/user/services/servicename (/run,...)

Re: Making local per user services

Reply #3 – 07 September 2020, 18:15:35

As I read about S6 I think is not possible to do such thing. At least no as you think. I hope @Dudemanguy be here to correct me if I am wrong.

However if you check the "Syncthing" package, with "s6-setuidgid" you can run a software as another user, more information https://skarnet.org/software/s6/s6-setuidgid.html

I also extracted this from the official page:

however, for security purposes, services should not run as root if they don't need to. You can use the s6-setuidgid utility in foo/run to lose privileges before executing into foo's long-lived process; or the s6-envuidgid utility if your long-lived process needs root privileges at start time but can drop them afterwards.

If you want to see examples about s6 scripts, you can check here.

Re: Making local per user services

Reply #4 – 07 September 2020, 19:34:48

If I'm interpreting @constatinus correctly, he was to be able to do everything as a local user with no root permissions at all. Not just simply run a daemon as a non-root user. That's a tall order. It might be possible but I'm not 100% sure. It's also somewhat complicated (far more than whatever you were doing for runit) and a forum post won't be able to walk you through it. You'd have to read through the skarnet docs.

If you really want to do this though, you would have to forgo using s6-rc entirely. If you look at the handy link that @jrballesteros05 posted and scroll down to the bottom, you'll notice that s6-rc copies all the service directories to a location owned by root (/run/service on Artix) which means you need root permissions to do anything with s6-rc.

That means you would have to write up your own service directories in some local user location and then use only s6 binaries (not s6-rc ones) to manage them. I don't know the details of setting up something like this. It may be possible you run into some root-related requirement at some point, but perhaps such a setup could be done all locally. You would probably have to run a separate s6-svscan command on those service directories as well.

Regardless, I don't really recommend doing this. It would be extremely convoluted in any case. I would say either integrate them with the existing s6-rc source directories and compile them with s6-rc-compile or find some, non-init related method of launching them. Or I guess use runit.

Re: Making local per user services

Reply #5 – 07 September 2020, 19:55:45

Alright, so i do not need to do this with no root permissions at all. I want to use the root permissions to create the service that would be scanning my user service, but from that point on, i shouldnt need to use root permissions to manage my local user directory.
That directory is watched by s6-svcscan or whatever is scanning the services, and that s6-svcscan is, because i see that theres hardly any way to do this as a non-root user bootstrapping, run by the root user. Howevere all of the services that are running from that process are forced to be ownership of the local user (or another user if he can do that).
This is the runit way.

Re: Making local per user services

Reply #6 – 07 September 2020, 20:07:51

I'm not sure. You can attempt to change permissions on those files in /run/s6-rc/servicedirs and so on, but some brief attempts on my end still had permission errors. s6-rc needs to take certain locks. I don't know where they are all located.

Re: Making local per user services

Reply #7 – 07 September 2020, 21:20:47

Solved it, even without using ANY root permissions:
made ~/s6
made ~/s6/database-source
mkdir ~/s6/database-source/sleeper

sleeper/run:
#!/bin/sh
exec sleep 21

sleeper/type:
longrun

s6-rc-compile $HOME/s6/database $HOME/s6/database-source
mkdir ~/s6/scandir
now open up another terminal or do setsid -f,...
s6-svscan $HOME/s6/scandir
s6-rc-init -c $HOME/s6/database -l $HOME/s6/live $HOME/s6/scandir
and, to start the service:
s6-rc -l $HOME/s6/live -u change sleeper
and sleeper is up

Re: Making local per user services

Reply #8 – 07 September 2020, 21:41:02

Wow, that's actually a lot simplier than I was expecting. Nice job.

Re: Making local per user services

Reply #9 – 07 September 2020, 21:44:25

I don't know what you think about it but in my opinion something like this needs a wiki entry.

I was looking to do something similar in the past and I couldn't.