3

I have an authoritative DNS daemon in my test DNS setup which is responsible for providing the host IP at best choice.

This daemon/process can run by setting some capabilities using setcap and then a development user can start or stop this without becoming the root user or using sudo.

But while booting up the box, this daemon/process again appears as running as root in ps output.

Can I start/stop this process with minimal capability/privileges from a non-root user? Then, at the bootup, I also don't want to see this running as the root user.

Is there any mechanism in init scripts to run the given process with a non-zero UID?

Jeff Schaller
Akaks

3 Answers

3

You could use su in your startup scripts:

su -s /bin/sh -c '/usr/bin/somedaemon' someuser

Another solution would be to start the daemon using cron.

Marco
2

You should just call:

sudo -u username your_daemon_name

in the init script. As root runs the init script, it will not ask for a password but will run the script as username.

Timo
1

If you are using systemd (as of today, only Slackware, Ubuntu and Debian among Linux distributions are using anything else) you can set the user/group in its .service file (see systemd.service(5), systemd.exec(5), and browse through the copious documentation here).

vonbrand
  • Ubuntu and Debian are both using systemd now. I think Slackware is the only major distro left to not use systemd (at least judging from the list of most popular distros at distrowatch). – Alexander Jul 28 '17 at 07:30
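
A unit file along the lines of the systemd answer, as an added example that is not part of any answer above. It assumes the daemon is /usr/bin/somedaemon, runs in the foreground, has a dedicated account someuser, and needs only CAP_NET_BIND_SERVICE to bind port 53; the unit name and those values are assumptions.

```ini
# /etc/systemd/system/somedaemon.service  (constructed example; names are assumptions)
[Unit]
Description=Authoritative DNS daemon (example unit)
After=network-online.target
Wants=network-online.target

[Service]
# Assumes the daemon stays in the foreground and does not fork.
Type=simple
ExecStart=/usr/bin/somedaemon

# systemd (running as root at boot) drops to this account before exec,
# so ps shows someuser, not root.
User=someuser
Group=someuser

# Hand the non-root process only the capability it needs (assumed here:
# binding to port 53). Requires systemd 229 or later.
AmbientCapabilities=CAP_NET_BIND_SERVICE
# Nothing beyond this capability can ever be acquired by the service.
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# Blocks setuid binaries and file capabilities from granting anything on exec.
# With this set, capabilities applied to the binary with setcap are ignored,
# which is why the capability is granted through AmbientCapabilities instead.
NoNewPrivileges=yes

# Basic filesystem isolation for a network-facing daemon.
ProtectSystem=full
ProtectHome=yes
PrivateTmp=yes

Restart=on-failure

[Install]
WantedBy=multi-user.target
```

After `systemctl daemon-reload` and `systemctl enable --now somedaemon.service`, `systemctl show -p User,AmbientCapabilities somedaemon.service` and the ps output confirm the account and capability set the daemon actually runs with.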