From: Matthew Seaman
Organization: Infracaninophile
Date: Sun, 27 Apr 2008 09:08:10 +0100
To: Walter Venable
Cc: freebsd-ports@freebsd.org
Subject: Re: Building new port, don't want to run as root

Walter Venable wrote:
> Hi all, I'm working on a patch to upgrade a port I maintain, however the
> new version (smartly) refuses to be run by root. I fished through the
> Porter's Handbook a bit but was unable to find anything in particular on
> running the port as another user. Can anyone point me in the right
> direction? Thanks...

I take it you're talking about a daemon process and you want to have the
rc.subr scripts start it as another user than root? That's fairly simple.

To make rc.subr start a process using a different UserID, all you need to
do is define variables

    name=foo        # standard rc script thing to set up the namespace
    foo_user=someone
    foo_group=somegroup

in the rc script (where 'foo' is typically your program name).

You should use a fixed username and group from /usr/ports/UIDs or
/usr/ports/GIDs -- unless there is already something suitable in that file,
just grab a UID and GID number no one else is already using and send in
patches to UIDs and GIDs along with the rest of your maintainer update.

For a long running process, you'll also probably need to make arrangements
for the process to write a pid file. If it is started as non-root then
it won't be able to write a file into /var/run -- one solution is to create
a sub-dir owned and writable by the user the script runs as. Similar
considerations also apply to writing log files into /var/log.

Take a look at textproc/sphinxsearch for an example.

Cheers,

Matthew

-- 
Dr Matthew J Seaman MA, D.Phil.
7 Priory Courtyard, Flat 3, Ramsgate, Kent, CT11 9PW
PGP: http://www.infracaninophile.co.uk/pgpkey
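
An added example, not part of the original message or of the ports tree: a constructed rc.d script that sets the variables described above, with a small checker that reads the script text (without executing it) and reports a missing or root foo_user, a missing foo_group, or a pid file placed directly in /var/run. The names foo, someone, somegroup, the paths and the helper functions sample_rc_script, rc_value and audit_rc are placeholders chosen for the illustration.

```shell
# Added example. foo, someone, somegroup and all paths are placeholders.
# Constructed sample: an rc.d script using the variables from the message.
sample_rc_script() {
cat <<'EOF'
#!/bin/sh
# PROVIDE: foo
# REQUIRE: DAEMON
. /etc/rc.subr
name=foo
rcvar=foo_enable
load_rc_config $name
: ${foo_enable:=NO}
: ${foo_user:=someone}
: ${foo_group:=somegroup}
pidfile=/var/run/${name}/${name}.pid
command=/usr/local/sbin/${name}
run_rc_command "$1"
EOF
}

# rc_value TEXT VAR: print the last value given to VAR, written either as
# VAR=value or as the default form ": ${VAR:=value}". TEXT is never executed.
rc_value() {
    printf '%s\n' "$1" | sed -n \
        -e "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'[:space:]]*\).*/\1/p" \
        -e "s/^[[:space:]]*: *\${$2:\{0,1\}=[\"']\{0,1\}\([^\"'}]*\).*/\1/p" |
        tail -n 1
}

# audit_rc TEXT: print one finding per line; return 0 only if there are none.
audit_rc() {
    rc=0
    name=$(rc_value "$1" name)
    [ -n "$name" ] || { echo "name is not set"; return 1; }
    user=$(rc_value "$1" "${name}_user")
    case $user in
        '')     echo "${name}_user is not set in the script"; rc=1 ;;
        root|0) echo "${name}_user is root"; rc=1 ;;
    esac
    [ -n "$(rc_value "$1" "${name}_group")" ] || { echo "${name}_group is not set"; rc=1; }
    case $(rc_value "$1" pidfile) in
        /var/run/*/*) ;;   # sub-directory that can be owned by the daemon user
        /var/run/*)   echo "pidfile sits directly in /var/run"; rc=1 ;;
    esac
    return $rc
}

audit_rc "$(sample_rc_script)" && echo "sample rc.d script: no findings"
```

The checker only looks at defaults set in the script itself; values overridden in rc.conf are outside what it sees.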