Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 30 Nov 2007 09:27:37 -0600
From:      Dan Nelson <dnelson@allantgroup.com>
To:        rihad <rihad@mail.ru>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: running port as non-root
Message-ID:  <20071130152736.GI35339@dan.emsphone.com>
In-Reply-To: <474FD878.5020801@mail.ru>
References:  <474FD878.5020801@mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help 
In the last episode (Nov 30), rihad said:
> Hi, I'm trying to run the net/openradius port as non-root
> by first changing /usr/local/etc/rc.d/openradius:
> 
> . /etc/rc.subr
> 
> name="openradius"
> rcvar=`set_rcvar`
> 
> load_rc_config ${name}
> 
> : ${openradius_enable="NO"}
> : ${openradius_flags="-o /var/log/openradius.log"}
> 
> -command=/usr/local/sbin/radiusd
> +command=/usr/local/bin/sudo
> +flags="-u radius /usr/local/sbin/radiusd"

It's much cleaner to simply set openradius_user=radius and let rc.subr
handle the userid switching using su.
 
> run_rc_command "$1"
> 
> (Lines marked with -/+ were removed/added by me, respectively).
> 
> Then I add the radius user, allow it to run without sudo's asking for
> the password, and finally start the thing up:
> # pw useradd radius -d /nonexistent -s /usr/sbin/nologin
> # visudo
> # ... do the necessary chown/chmod on openradius logs/dictionaries ...
> # /usr/local/etc/rc.d/openradius start
> 
> All fine so far: everything starts up fine and runs. The problem starts
> here:
> # /usr/local/etc/rc.d/openradius stop
> openradius not running?
> # ps -auxww | fgrep radiusd
> radius 89300  0.0  0.0  3756  1588  ??  Is   10:56AM   0:00.00 /usr/local/sbin/radiusd
> ...
> 
> any built-in way to make "stop" work, without changing rc.d/ too much?

Problem is you set command=/usr/local/bin/sudo, so the stop sequence
isn't looking for radiusd at all.

For more info on rc scripts, see the rc.subr manpage and
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/rc-scripting/index.html

-- 
	Dan Nelson
	dnelson@allantgroup.com

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20071130152736.GI35339>