Thread: Running daemon as non-root user from rc.d?




Running daemon as non-root user from rc.d?
2006-05-25 12:12:58
Hello,

I was wondering how daemons like apache run as non-root
users (www for example)?

I have a non-pkgsrc rc.d script that contains:

                if [ "$who" = root ]
                then
                   su $SQUIDUSER -c "$SQUIDDIR/bin/daemonx $D_OPTIONS -c $SQUIDDIR/etc/daemonx.conf"
                else
                   $SQUIDDIR/bin/daemonx $D_OPTIONS -c $SQUIDDIR/etc/daemonx.conf
                fi

The problem is that $SQUIDUSER has /sbin/nologin as its
shell, so su fails.

In the end this daemon has worker threads which *are* run as
$SQUIDUSER from squid, and the daemon gets swapped out. Does
this mean I don't have to worry? The daemonx has no open files
(from fstat), nor can I "see" it in ps -ax.

Running 'fstat | grep squid' shows a lot of open files

squid    squid      22170   13 /          11441 -rw-r--r--   76201 w
...

but also

root     squid      18646   wd /usr      304131 drwxr-xr-x     512 r
root     squid      18646    0 /          19964 crw-rw-rw-    null rw
root     squid      18646    1 /          19964 crw-rw-rw-    null rw
root     squid      18646    2 /          19964 crw-rw-rw-    null rw
root     squid      18646    3 /          19964 crw-rw-rw-    null rw
root     squid      18646    4* unix dgram c06633c0 <-> c066ca80

Is this from /etc/rc.d when it is loaded as root?

Thanks for any help,

Amadeus
Running daemon as non-root user from rc.d?
2006-05-25 20:10:04
Amadeus Stevenson --> netbsd-help (2006-05-25 13:12:58 +0100):
> I was wondering how daemons like apache run as non-root users (www for
> example)?

If apache is run as root initially it drops privileges after
startup (see the `User' and `Group' directives). The rc
script has nothing to do with this.


> I have a non-pkgsrc rc.d script that contains:
>
>                if [ "$who" = root ]
>                then
>                   su $SQUIDUSER -c "$SQUIDDIR/bin/daemonx $D_OPTIONS -c $SQUIDDIR/etc/daemonx.conf"
>                else
>                   $SQUIDDIR/bin/daemonx $D_OPTIONS -c $SQUIDDIR/etc/daemonx.conf
>                fi
>
> The problem is that $SQUIDUSER has /sbin/nologin as its shell, so su fails.

Try `su -m ...'.

Read /etc/rc.subr and search for `_user' to see how this could be
done correctly.


> In the end this daemon has worker threads which *are* run as
> $SQUIDUSER from squid, and the daemon gets swapped out. Does this mean
> I don't have to worry? The daemonx has no open files (from fstat), nor
> can I "see" it in ps -ax.
>
> Running 'fstat | grep squid' shows a lot of open files
>
> squid    squid      22170   13 /          11441 -rw-r--r--   76201 w
> ...
>
> but also
>
> root     squid      18646   wd /usr      304131 drwxr-xr-x     512 r
> root     squid      18646    0 /          19964 crw-rw-rw-    null rw
> root     squid      18646    1 /          19964 crw-rw-rw-    null rw
> root     squid      18646    2 /          19964 crw-rw-rw-    null rw
> root     squid      18646    3 /          19964 crw-rw-rw-    null rw
> root     squid      18646    4* unix dgram c06633c0 <-> c066ca80
>
> Is this from /etc/rc.d when it is loaded as root?

I don't know squid, but this looks as if it would behave as apache
does. BTW: why are you not using the squid rc script from pkgsrc?


HTH, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~
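
The `su -m` suggestion from the reply above, worked into a start routine that refuses to leave the daemon running as root. This is an added example, not code from the thread or from rc.subr; the helper names (launch_plan, start_daemon), the CALLER_UID, CALLER_NAME and DRY_RUN variables, and the /usr/local/squid path are assumptions.

```shell
#!/bin/sh
# Added example. SQUIDUSER/SQUIDDIR/D_OPTIONS follow the script in the thread;
# their values, launch_plan, start_daemon, CALLER_UID, CALLER_NAME and DRY_RUN
# are assumptions made for illustration.
SQUIDUSER=squid
SQUIDDIR=/usr/local/squid            # constructed path
D_OPTIONS=
DAEMON_CMD="$SQUIDDIR/bin/daemonx${D_OPTIONS:+ $D_OPTIONS} -c $SQUIDDIR/etc/daemonx.conf"

# launch_plan CALLER_UID CALLER_NAME TARGET_USER
# Prints "su" (root switches to TARGET_USER), "direct" (caller already is
# TARGET_USER) or "refuse" (anything that would leave the daemon as root
# or cannot switch accounts).
launch_plan() {
    if [ -z "$3" ] || [ "$3" = root ]; then
        echo refuse
    elif [ "$1" -eq 0 ]; then
        echo su
    elif [ "$2" = "$3" ]; then
        echo direct
    else
        echo refuse
    fi
}

# start_daemon: run DAEMON_CMD as SQUIDUSER. DRY_RUN=1 prints the command
# line (for display only, quoting is not preserved) instead of running it.
start_daemon() {
    plan=$(launch_plan "${CALLER_UID:-$(id -u)}" "${CALLER_NAME:-$(id -un)}" "$SQUIDUSER")
    case $plan in
    su)
        # -m keeps the caller's environment and shell, so the target
        # account's /sbin/nologin shell is never executed.
        set -- su -m "$SQUIDUSER" -c "$DAEMON_CMD" ;;
    direct)
        set -- sh -c "$DAEMON_CMD" ;;
    *)
        echo "refusing to start daemonx as '$SQUIDUSER'" >&2
        return 1 ;;
    esac
    if [ -n "$DRY_RUN" ]; then
        echo "$*"
    else
        "$@"
    fi
}
```

Calling `DRY_RUN=1 start_daemon` shows the command line without starting anything.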