Date: Mon, 03 Nov 2008 12:44:56 +0100
From: =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@des.no>
To: Volker Theile <votdev@gmx.de>
Cc: freebsd-rc@freebsd.org
Subject: Re: User to run ${command} as, using su(1) does not work for all reasons
Message-ID: <867i7lf2yv.fsf@ds4.des.no>
In-Reply-To: <48FE48FD.7010607@gmx.de> (Volker Theile's message of "Tue, 21 Oct 2008 23:26:21 %2B0200")
References: <48FE48FD.7010607@gmx.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Volker Theile <votdev@gmx.de> writes:
> i came across the following problem while trying to run
> transmission-daemon using user 'transmission'. When i modify the
> transmission rc-script to use another user than root for execution i
> added:
>
> transmission_user=${transmission_user:-"transmission"}
>
> Because there is not done a full login the transmission daemon tries
> to create its config dir in /root/.config/transmission_daemon which
> fails due missing permissions.
There's another, bigger issue with _user and _group. A daemon that
needs to, say, open a privileged port can't use _user and _group,
because it will start as that user / group instead of starting as root
and then dropping privileges on its own. This affects named in base and
varnishd (and probably others) in ports. There should be a way to tell
rc.subr that the daemon will handle _user and _group itself.
DES
--
Dag-Erling Smørgrav - des@des.no
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?867i7lf2yv.fsf>