I like the general approach proposed by frymaster. However, I propose a variation that uses PolicyKit or similar with role-based access control lists instead of UID-GID.
Role-based access controls use a matrix of sorts where rows are either logins or groups or "features" [aka, printing, usb, etc]. The columns are then things that folks can try to do [aka, view, manage, alter, etc]. Within the context of upstart-based system startup we might likely have our own unique view of roles and operations and so a PolicyKit or similar approach would enable us to go where we need to go without concern about the snarled nest that is UID-GID based. ~~~ 0;-Dan ======================================================= Author: frymaster Comment: @Brian Fahrlander: I had to implement something similar (I wanted a web interfact to start/stop certain jobs - namely, multiplayer game servers) I wrote a helper script that would accept 2 parameters (jobname, and "start" or "stop") and, if the jobname matches a list, would run the specified command. You can't make scripts setuid, so instead I added the following line to /etc/sudoers: %www-data ALL=NOPASSWD: /path/to/script that lets anyone in the www-data group run my script as root using sudo, without a password (I needed that because it was being ran by web scripts; you probably don't) I'd imagine this is less than idea for your purposes (I assume you want users to be able to add their own jobs, and you also want the jobs to run as that user, rather than root) -- upstart-devel mailing list upstart-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/upstart-devel