From owner-freebsd-questions@FreeBSD.ORG Wed Mar 14 08:13:07 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E9EC8106566B for ; Wed, 14 Mar 2012 08:13:06 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id 49A208FC17 for ; Wed, 14 Mar 2012 08:13:06 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [IPv6:2001:8b0:151:1:fa1e:dfff:feda:c0bb]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id q2E8D22f045974 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Wed, 14 Mar 2012 08:13:02 GMT (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: OpenDKIM Filter v2.5.0 smtp.infracaninophile.co.uk q2E8D22f045974 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1331712782; bh=QZXg9+UQgpeOBdx7BJS5cezm2AmIhbYmDNwVFL6/tBo=; h=Date:From:To:Subject:References:In-Reply-To:Cc:Content-Type: Message-ID:Mime-Version; b=jYdk+W1+6cWXmb26MMNySrM+SCs5I28xm6Cg0UJipfFSoVOepIp6nWyv5/ALFLJND 1dVyRtPs6JRxDGFmIQZ8Y2ZV+49Kvy6febF4QU9nQEpYu5iaRVJxPm4qFKN2Ot/N2f GZS0cAktJjusL5cz2ax9w5z5LMN85p+ngGXcCTS8= Message-ID: <4F605307.8070907@infracaninophile.co.uk> Date: Wed, 14 Mar 2012 08:12:55 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 MIME-Version: 1.0 To: freebsd-questions@freebsd.org References: In-Reply-To: X-Enigmail-Version: 1.3.5 OpenPGP: id=60AE908C Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enig4942BE213EE7008D15FA67EF" X-Virus-Scanned: clamav-milter 0.97.3 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.1 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_ADSP_ALL,DKIM_SIGNED,T_DKIM_INVALID autolearn=no version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk Subject: Re: start at boot, run as non-root X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Mar 2012 08:13:07 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig4942BE213EE7008D15FA67EF Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 14/03/2012 07:30, n dhert wrote: > I have FreeBSD8.2. > Sedna, an XML database server, had no port in th FreeBSD ports collecti= on > but has a binary compiled for FreeBSD8 on www.sedna.org. > I installed that. > To start it at boot I created a script /usr/local/etc/rc.d/sedna : > ----------------------------------------------- > #!/bin/sh > # > # PROVIDE: sedna > # REQUIRE: DAEMON > # KEYWORD: shutdown > # > . /etc/rc.subr >=20 > name=3D"sedna" > rcvar=3D${name}_enable > command=3D/home/opt/sedna/bin/se_gov >=20 > load_rc_config $name >=20 > : ${sedna_enable=3D"NO"} >=20 > run_rc_command "$1" > -------------------------------------------- > and added sedna_enable=3D"YES" at the end of my /etc/rc.conf >=20 > This way it starts at boot: > $ ps -jaxww | grep se_ > root 7064 1 7064 7064 0 Is ?? 0:00.00 > /home/opt/sedna/bin/se_gov -background-mode off -listen-address localho= st > -port-number 5050 -ping-port-number 5151 -el-level 3 -alive-timeout 0 > -stack-depth 4000 > The deamon runs as root. I want it run by a non-root user, e.g. a user > 'sedna'' >=20 > How can I do that? >=20 > The sedna server binary se_gov has no option in its man-page to start t= he > program run as a different user .. Add a variable: ${name}_user=3Dsedna to the init script. The rc(8) system will use su(1) to start up the sedna process using your selected username. There's also ${name}_group but that works a bit differently. I'm intrigued that this software should be supported on FreeBSD upstream, but not appear in ports. Are there some onerous license terms or other obstacles[*]? If not, would you consider submitting your work as a port? Cheers, Matthew [*] Seems it uses Apache licensing according to http://www.sedna.org/, which is exceedingly FreeBSD compatible, so I don't think licensing would be an obstacle. --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enig4942BE213EE7008D15FA67EF Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk9gUw0ACgkQ8Mjk52CukIzakwCfYCVFBHptT1P7olclsRdtanM6 2d8AoIynZeltdp3BzXh0dF8Yr5ofWMpp =DeK2 -----END PGP SIGNATURE----- --------------enig4942BE213EE7008D15FA67EF--