  1. #1
    Linux Enthusiast meton_magis's Avatar
    Join Date
    Oct 2006
    Location
    arizona
    Posts
    699

    [SOLVED] running process as unprivileged user from root account


    I've got a server daemon that I compiled from source (murmur, the server part of the mumble voip app) that I want to run as a non root user. I'm on Fedora 12, and want it to be integrated into the startup of my server. I've worked with making the service scripts before, and know that part, but I can't figure out how to run a process as an unprivileged user. Normally this is handled, like with apache, where there is a configuration that allows you to have it drop to a different account, but there isn't the option here.

    Is there a command I can throw into my script to have it drop permissions? I don't want to give the userID a login shell, so doing `su - user -c "/usr/bin/murmurd"` won't work. I'd prefer not to install sudo, as I see that as a security risk, since I know I won't take the time to actually secure it.

    thanks

    and before it is suggested, I don't want to use yum to install the app, since it is a major version behind.
    New to the internet, technical forums, or the hacker / open source community??
    Read this to learn good posting habits http://www.catb.org/~esr/faqs/smart-questions.html

    RHCE for RHEL version 5
    RHCT for RHEL version 4

  2. #2
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,746
    Running Murmur


    Most packages also include the 'murmur-user-wrapper' script, which does all of the below for you if you want to run as a regular user (including starting DBus).
    ???

    Find the script, read it, and copy/enable it.

  3. #3
    Linux Enthusiast meton_magis's Avatar
    Join Date
    Oct 2006
    Location
    arizona
    Posts
    699
    the startup script runs this line

    start_daemon $prog --PIDFile "$pidfile" --chuid: $MURMUR_USER:$MURMUR_GROUP --RunAsDaemon 1 $MURMUR_OPTS

    I tried looking for any information on the command start_daemon, but can't find it in yum, can't find any package that provides that, and it isn't anywhere on my system.

  4. #4
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,746
    So zip up/move your compiled binaries to a safe place, install from a repo, and take a look at how the distro maintainers set it up.

    Then you can copy/save any useful scripts and remove the repo version.

    My .02

  5. #5
    Linux Enthusiast meton_magis's Avatar
    Join Date
    Oct 2006
    Location
    arizona
    Posts
    699
    that's what I did. That's where I pulled the previous line from.

  6. #6
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,746


    So does the repo version daemon start/run correctly? Is there an init script that's calling the user-wrapper? Assuming it works, you have the blueprint right there on your system.

  7. #7
    Linux Enthusiast meton_magis's Avatar
    Join Date
    Oct 2006
    Location
    arizona
    Posts
    699
    yeah, it doesn't work. This startup script is completely fubar. I'm having to go through and correct it line by line. I'll keep working on it, and post if I catch on anything else.

  8. #8
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,746
    I downloaded the source tarball, unzipped, and looked in the scripts directory. The user-wrapper and the murmur.init are in there. The murmur.init is trying to start up as user/group "mumble-server" by default.

    Code:
    #! /bin/sh
    #
    ### BEGIN INIT INFO
    # Provides:             mumble-server
    # Required-Start:       $network $local_fs $remote_fs dbus
    # Required-Stop:	$network $local_fs $remote_fs dbus
    # Should-Start:		$mysql
    # Should-Stop:		$mysql
    # Default-Start:        2 3 4 5
    # Default-Stop:         0 1 6
    # Short-Description:    Mumble VoIP Server
    ### END INIT INFO
    
    PATH=/sbin:/bin:/usr/sbin:/usr/bin
    NAME=mumble-server
    DESC="Mumble VoIP Server"
    PIDDIR=/var/run/$NAME
    PIDFILE=$PIDDIR/$NAME.pid
    DAEMON=/usr/sbin/murmurd
    USER=mumble-server
    GROUP=mumble-server
    
    test -x $DAEMON || exit 0
    
    INIFILE=/etc/mumble-server.ini
    DAEMON_OPTS="-ini $INIFILE"
    MURMUR_DAEMON_START=0
    MURMUR_USE_CAPABILITIES=0
    MURMUR_LIMIT_NOFILE=0
    
    # Include murmur defaults if available
    if [ -f /etc/default/$NAME ] ; then
    	. /etc/default/$NAME
    fi
    
    . /lib/init/vars.sh
    . /lib/lsb/init-functions
    
    if [ "$MURMUR_LIMIT_NOFILE" -gt 0 ] ; then
    	ulimit -n $MURMUR_LIMIT_NOFILE
    fi
    
    case "$1" in
      start)
      	if [ "$MURMUR_DAEMON_START" != "1" ] ; then
      		log_warning_msg "Not starting $DESC $NAME, disabled via /etc/default/$NAME"
      		exit 0
      	fi
      	[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
    	[ -d $PIDDIR ] || install -o $USER -d $PIDDIR
    	if [ "$MURMUR_USE_CAPABILITIES" != "1" ] ; then
    	  start-stop-daemon --start --quiet \
    		--pidfile $PIDFILE \
    		--chuid $USER:$GROUP \
    		--exec $DAEMON \
    		-- $DAEMON_OPTS
    	else
    	  start-stop-daemon --start --quiet \
    		--pidfile $PIDFILE \
    		--exec $DAEMON \
    		-- $DAEMON_OPTS
    	fi
    	case "$?" in
    		0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
    		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    	esac
    	;;
      stop)
      	[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
    	start-stop-daemon --stop --quiet \
    		--retry=TERM/30/KILL/5 \
    		--pidfile $PIDFILE \
    		--user $USER \
    		--exec $DAEMON
    	case "$?" in
    		0|1)	rm -f $PIDFILE
    			[ "$VERBOSE" != no ] && log_end_msg 0
    			;;
    		2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    	esac
    	;;
      force-reload)
    	start-stop-daemon --stop --test --quiet \
    		--pidfile $PIDFILE \
    		--user $USER \
    		--exec $DAEMON \
    	&& $0 restart || exit 0
    	;;
      restart)
     	[ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
    	start-stop-daemon --stop --quiet \
    		--retry=TERM/30/KILL/5 \
    		--pidfile $PIDFILE \
    		--user $USER \
    		--exec $DAEMON
    	case "$?" in
    		0|1)
    		  	[ -d $PIDDIR ] || install -o $USER -d $PIDDIR
    			rm -f $PIDFILE
    			if [ "$MURMUR_USE_CAPABILITIES" != "1" ] ; then
    			  start-stop-daemon --start --quiet \
    				--pidfile $PIDFILE \
    				--chuid $USER:$GROUP \
    				--exec $DAEMON \
    				-- $DAEMON_OPTS
    			else
    			  start-stop-daemon --start --quiet \
    				--pidfile $PIDFILE \
    				--exec $DAEMON \
    				-- $DAEMON_OPTS
    			fi
    			case "$?" in
    				0) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
    				*) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
    			esac
    			;;
    		*)
    			[ "$VERBOSE" != no ] && log_end_msg 0
    			;;
    	esac
    	;;
      *)
    	N=/etc/init.d/$NAME
    	echo "Usage: $N {start|stop|restart|force-reload}" >&2
    	exit 3
    	;;
    esac
    
    exit 0

  9. #9
    Linux Enthusiast meton_magis's Avatar
    Join Date
    Oct 2006
    Location
    arizona
    Posts
    699
    yes I know, the script doesn't work however.

    It turns out that it isn't needed. There is an option buried in the ini file to have it switch users. Stupid me didn't look hard enough in it.

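Whichever mechanism performs the switch (the `--chuid $USER:$GROUP` argument in the init script above, or the ini-file option mentioned in post #9), the result can be confirmed from `/proc/<pid>/status`. The following is an added example, not part of the thread or of murmur's own scripts; `privs_dropped` and `make_status` are hypothetical helper names, and UID/GID 1001 and the status text are constructed sample data.

```shell
#!/bin/sh
# Added example: check that a daemon launched by root really gave up root.
# All status text below is constructed sample data, not from a real host.

# privs_dropped STATUS_FILE EXPECTED_UID EXPECTED_GID
# STATUS_FILE is /proc/<pid>/status (or a copy of it).
# Succeeds only if the real, effective, saved and filesystem IDs all equal
# the expected non-root IDs and no supplementary group is 0. A saved UID of 0
# matters because the process could still switch back to root.
privs_dropped() {
    awk -v uid="$2" -v gid="$3" '
        $1 == "Uid:"    { u = 1; for (i = 2; i <= 5; i++) if ($i != uid || $i == 0) bad = 1 }
        $1 == "Gid:"    { g = 1; for (i = 2; i <= 5; i++) if ($i != gid || $i == 0) bad = 1 }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == 0) bad = 1 }
        END { exit (bad || !u || !g) }
    ' "$1"
}

# make_status "UIDS" "GIDS" "GROUPS": print constructed status text in the
# same layout the kernel uses for the three lines we care about.
make_status() {
    printf 'Name:\tmurmurd\nUid:\t%s\nGid:\t%s\nGroups:\t%s\n' "$1" "$2" "$3"
}

# Run the check over three constructed cases and print a verdict for each.
demo() {
    tmp=$(mktemp) || return 1
    for row in \
        "full drop|1001 1001 1001 1001|1001 1001 1001 1001|1001" \
        "saved uid still root|1001 1001 0 1001|1001 1001 1001 1001|1001" \
        "root group kept|1001 1001 1001 1001|1001 1001 1001 1001|0 1001"
    do
        IFS='|' read -r label uids gids grps <<EOF
$row
EOF
        make_status "$uids" "$gids" "$grps" > "$tmp"
        if privs_dropped "$tmp" 1001 1001; then verdict=OK; else verdict=FAIL; fi
        printf '%-22s %s\n' "$label" "$verdict"
    done
    rm -f "$tmp"
}

demo
```

On a live system, call it as `privs_dropped "/proc/$(cat "$PIDFILE")/status" "$(id -u mumble-server)" "$(id -g mumble-server)"` after the service has started.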