Date: Wed, 06 Feb 2008 16:50:48 +0000 From: Alex Zbyslaw <xfb52@dial.pipex.com> To: Zbigniew Szalbot <zszalbot@gmail.com> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: /usr/local/etc/rc.d/ scripts and non-root user Message-ID: <47A9E568.9040406@dial.pipex.com> In-Reply-To: <94136a2c0802060751o7952c2f8w639139271c946e98@mail.gmail.com> References: <94136a2c0802060751o7952c2f8w639139271c946e98@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Zbigniew Szalbot wrote: >I have looked at my /usr/local/etc/rc.d/ and realized that the symlink >I put there has the root as owner. It all works but I would rather use >a non-root user for to run that script. > >$ ls -l /usr/local/etc/rc.d/ >lrwxr-xr-x 1 root wheel 40 May 9 2007 sender.sh -> >/usr/home/api/sender/start.sh > There's one more potential mistake you are making here. Who the script runs as has nothing at all to do with who owns the script unless setuid or setgid bits are set. They would be set on the script itself and not the symlink, so we'd need to see ls -lL /usr/local/etc/rc.d/sender.sh to know what was set or not. Specifically, startup scripts will always run as root and it will be up to the script to do things as another user if appropriate. E.g. by using su, or sudo, or by running a program which was setuid some-other-user, or because it runs as root, simply changing to another user when appropriate (see man 2 setuid). Setuid/gid bits on shell scripts aren't considered safe, however and may even be disabled. --Alex
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?47A9E568.9040406>