Date: Wed, 14 Mar 2012 08:12:55 +0000 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: freebsd-questions@freebsd.org Subject: Re: start at boot, run as non-root Message-ID: <4F605307.8070907@infracaninophile.co.uk> In-Reply-To: <CAEFCw4s9rqaFgQ00APXuE0mpNtoDUQVOBT1wZzWbEi31NDXMtA@mail.gmail.com> References: <CAEFCw4s9rqaFgQ00APXuE0mpNtoDUQVOBT1wZzWbEi31NDXMtA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig4942BE213EE7008D15FA67EF
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 14/03/2012 07:30, n dhert wrote:
> I have FreeBSD8.2.
> Sedna, an XML database server, had no port in th FreeBSD ports collecti=
on
> but has a binary compiled for FreeBSD8 on www.sedna.org.
> I installed that.
> To start it at boot I created a script /usr/local/etc/rc.d/sedna :
> -----------------------------------------------
> #!/bin/sh
> #
> # PROVIDE: sedna
> # REQUIRE: DAEMON
> # KEYWORD: shutdown
> #
> . /etc/rc.subr
>=20
> name=3D"sedna"
> rcvar=3D${name}_enable
> command=3D/home/opt/sedna/bin/se_gov
>=20
> load_rc_config $name
>=20
> : ${sedna_enable=3D"NO"}
>=20
> run_rc_command "$1"
> --------------------------------------------
> and added sedna_enable=3D"YES" at the end of my /etc/rc.conf
>=20
> This way it starts at boot:
> $ ps -jaxww | grep se_
> root 7064 1 7064 7064 0 Is ?? 0:00.00
> /home/opt/sedna/bin/se_gov -background-mode off -listen-address localho=
st
> -port-number 5050 -ping-port-number 5151 -el-level 3 -alive-timeout 0
> -stack-depth 4000
> The deamon runs as root. I want it run by a non-root user, e.g. a user
> 'sedna''
>=20
> How can I do that?
>=20
> The sedna server binary se_gov has no option in its man-page to start t=
he
> program run as a different user ..
Add a variable:
${name}_user=3Dsedna
to the init script. The rc(8) system will use su(1) to start up the
sedna process using your selected username. There's also ${name}_group
but that works a bit differently.
I'm intrigued that this software should be supported on FreeBSD
upstream, but not appear in ports. Are there some onerous license terms
or other obstacles[*]? If not, would you consider submitting your work
as a port?
Cheers,
Matthew
[*] Seems it uses Apache licensing according to http://www.sedna.org/,
which is exceedingly FreeBSD compatible, so I don't think licensing
would be an obstacle.
--=20
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
JID: matthew@infracaninophile.co.uk Kent, CT11 9PW
--------------enig4942BE213EE7008D15FA67EF
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.16 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9gUw0ACgkQ8Mjk52CukIzakwCfYCVFBHptT1P7olclsRdtanM6
2d8AoIynZeltdp3BzXh0dF8Yr5ofWMpp
=DeK2
-----END PGP SIGNATURE-----
--------------enig4942BE213EE7008D15FA67EF--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4F605307.8070907>