From: K Lu
Date: Tue, 18 May 2021 13:52:40 -0700
Subject: Re: Can non-root user create/start services?
To: Tomasz CEDRO
Cc: FreeBSD Questions Mailing List

Right, I don't want to change to root for those tasks.

The reason I want a non-root user to create/start services is that the user may want to run a long-running, daemonized program, e.g. a FUSE process, which can reliably start automatically when the system starts. Another example is that the user wants to run their own IRC bouncer, or IRC bot, etc.

In all these scenarios the tasks are highly personal and don't suit running as root, yet they need to be long-running and non-interactive, which fits a FreeBSD service well. That's why I'm curious whether the user can define and start "per-user" services.

Not sure if I elaborated the use cases well :)

Another option I can think of is using user cron jobs. Are there other options?

Thanks!

On Tue, May 18, 2021 at 1:01 PM Tomasz CEDRO wrote:
>
> On Tue, May 18, 2021 at 9:58 PM Tomasz CEDRO wrote:
> > In general Unix always separates root (administrator tasks) from users
> > (non administrative tasks). This is why "gaining root" as
> > standard/restricted user is always the most interesting part ;-)
>
> Clarification - any way for your user to perform root operations is
> also a good way for others to perform root actions - this is usually a
> serious security threat and you want to avoid that :-)
>
> --
> CeDeROM, SQ7MHZ, http://www.tomek.cedro.info