From: Dan Nelson
To: rihad
Cc: freebsd-questions@freebsd.org
Date: Fri, 30 Nov 2007 09:27:37 -0600
Subject: Re: running port as non-root
Message-ID: <20071130152736.GI35339@dan.emsphone.com>
In-Reply-To: <474FD878.5020801@mail.ru>

In the last episode (Nov 30), rihad said:
> Hi, I'm trying to run the net/openradius port as non-root
> by first changing /usr/local/etc/rc.d/openradius:
>
> . /etc/rc.subr
>
> name="openradius"
> rcvar=`set_rcvar`
>
> load_rc_config ${name}
>
> : ${openradius_enable="NO"}
> : ${openradius_flags="-o /var/log/openradius.log"}
>
> -command=/usr/local/sbin/radiusd
> +command=/usr/local/bin/sudo
> +flags="-u radius /usr/local/sbin/radiusd"

It's much cleaner to simply set openradius_user=radius and let rc.subr
handle the userid switching using su.

> run_rc_command "$1"
>
> (Lines marked with -/+ were removed/added by me, respectively).
>
> Then I add the radius user, allow it to run without sudo's asking for
> the password, and finally start the thing up:
> # pw useradd radius -d /nonexistent -s /usr/sbin/nologin
> # visudo
> # ... do the necessary chown/chmod on openradius logs/dictionaries ...
> # /usr/local/etc/rc.d/openradius start
>
> All fine so far: everything starts up fine and runs. The problem starts
> here:
> # /usr/local/etc/rc.d/openradius stop
> openradius not running?
> # ps -auxww | fgrep radiusd
> radius 89300 0.0 0.0 3756 1588 ?? Is 10:56AM 0:00.00 /usr/local/sbin/radiusd
> ...
>
> any built-in way to make "stop" work, without changing rc.d/ too much?

Problem is you set command=/usr/local/bin/sudo, so the stop sequence
isn't looking for radiusd at all. For more info on rc scripts, see the
rc.subr manpage and
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/rc-scripting/index.html

--
Dan Nelson
dnelson@allantgroup.com
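
Review bot: The `+command=/usr/local/bin/sudo` line makes sudo, not radiusd, the command the rc script tracks, which matches the reported symptom: `stop` prints "openradius not running?" while `ps` still shows /usr/local/sbin/radiusd running as radius. Keep `command=/usr/local/sbin/radiusd` and set `openradius_user=radius` as the reply suggests; that drops the privilege change through sudo and the passwordless sudoers rule along with it, so the script has one less privileged path to audit. The added `flags=` line also sits next to the `openradius_flags` default, so if the sudo wrapper is kept, confirm that `-o /var/log/openradius.log` still reaches radiusd and that the radius user can write that log.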