Building new port, don't want to run as root
Matthew Seaman
m.seaman at infracaninophile.co.uk
Sun Apr 27 08:08:28 UTC 2008
Walter Venable wrote:
> Hi all, I'm working on a patch to upgrade a port I maintain, however the
> new version (smartly) refuses to be run by root. I fished through the
> Porter's Handbook a bit but was unable to find anything in particular on
> running the port as another user. Can anyone point me in the right
> direction? Thanks...
I take it you're talking about a daemon process and you want to have the
rc.subr scripts start it as another user than root? That's fairly simple.
To make rc.subr start a process using a different UserID, all you need to
do is define variables

    name=foo            <-- standard rc script thing to set up the namespace
    foo_user=someone
    foo_group=somegroup

in the rc script (where 'foo' is typically your program name).
You should use a fixed username and group from /usr/ports/UIDs or
/usr/ports/GIDs -- unless there is already something suitable in that file,
just grab a UID and GID number no one else is already using and send in
patches to UIDs and GIDs along with the rest of your maintainer update.
For a long running process, you'll also probably need to make arrangements
for the process to write a pid file. If it is started as non-root then
it won't be able to write a file into /var/run -- one solution is to create
a sub-dir owned and writable by the user the script runs as. Similar
considerations also apply to writing log files into /var/log.
Take a look at textproc/sphinxsearch for an example.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
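
An added example, not part of the original message or of any port: a constructed rc.d script for a hypothetical daemon `foo` that follows the advice above (dedicated user and group, pid file in a sub-directory that root creates in `start_precmd`), with a small check that flags a script missing either point. The account name, the paths and the `--pidfile` option are assumptions.

```shell
#!/bin/sh
# Added example: constructed rc.d script for a hypothetical daemon "foo",
# plus a check for the two points made in the message above.

write_sample_rc() {   # write_sample_rc FILE: emit the constructed script
cat > "$1" <<'EOF'
#!/bin/sh
# PROVIDE: foo
# REQUIRE: DAEMON
. /etc/rc.subr

name=foo
rcvar=foo_enable
foo_user=foo          # assumed account; rc.subr runs the command as this user
foo_group=foo
pidfile=/var/run/${name}/${name}.pid
command=/usr/local/sbin/foo
command_args="--pidfile ${pidfile}"   # hypothetical daemon option
start_precmd=foo_prestart

foo_prestart() {      # still root here: create the user-owned sub-directory
    install -d -o "${foo_user}" -g "${foo_group}" -m 0755 "/var/run/${name}"
}

load_rc_config $name
: ${foo_enable:=NO}
run_rc_command "$1"
EOF
}

rc_value() {          # rc_value FILE VAR: first assignment, comment/quotes stripped
    sed -n "s/^$2=//p" "$1" | head -n 1 | sed 's/[[:space:]]*#.*//' | tr -d "\"'"
}

check_rc() {          # check_rc FILE: 0 if non-root user and pid file in a sub-dir
    n=$(rc_value "$1" name)
    user=$(rc_value "$1" "${n}_user")
    pid=$(rc_value "$1" pidfile)
    case "$user" in
        ''|root) echo "$1: ${n}_user is unset or root"; return 1 ;;
    esac
    case "$pid" in
        /var/run/*/*) ;;   # sub-directory that can be owned by $user
        /var/run/*) echo "$1: $user cannot write $pid"; return 1 ;;
    esac
    return 0
}
```
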