On Fri, Feb 21, 2003 at 07:21:39PM +0100, Thomas Viehmann wrote:
> After trying some web searching as well as some attempts at learning from
> example by looking at sources of current packages.
>
> I'd like to get some advice as to what the best solution for running a daemon
> not as root might be.

OK, I look after lprng which doesn't stay as root.

> I need the following three on startup which seem to keep me from not starting
> out as root:
> - open devices (in my case tty?, ttyUSB?)

Generally devices can be opened as root or you can use a group and then make it rw for the group.

> - open syslog (and/or logfile)

syslog(3) doesn't need superuser. Log files can be handled like the /var/run stuff below.

> - write pidfile
> In particular, I don't know how to write my pidfile under /var/run without being
> root.

Ah yes, and you can have some chicken and egg problems here, especially if there is forking. Create a directory /var/run/yourpackage/ and make it user or group writeable.

> If there isn't any way, is there documentation/good example on how to shed the
> root privilege after starting? Is a simple setresuid/gid to nobody/nogroup enough?

nobody/nogroup is often a bad idea and is an evil remnant of Ye Olde Unix. Far better to make it a uid/gid for itself, which is what most daemons do now. If paranoid, you might like to check your uid and gid after you have set them, to make sure the transition actually happened.

 - Craig
--
Craig Small VK2XLZ  GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.enc.com.au/  <[EMAIL PROTECTED]>
MIEEE <[EMAIL PROTECTED]>  Debian developer <[EMAIL PROTECTED]>
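The drop-and-check sequence discussed in the message above, as an added example that is not part of the original mail or of lprng. It assumes a Linux/glibc system and a hypothetical dedicated account named `mydaemon`; the function names `ids_match` and `drop_privileges` are also made up for illustration, and it uses the POSIX setgid()/setuid() calls, which for a root caller change the real, effective and saved IDs together.

```c
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if the real and effective IDs both equal the expected values. */
int ids_match(uid_t uid, gid_t gid)
{
    return getuid() == uid && geteuid() == uid &&
           getgid() == gid && getegid() == gid;
}

/* Drop from root to a dedicated uid/gid. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0 || gid == 0)
        return -1;                 /* dropping "to root" is a caller bug */
    if (geteuid() == 0 && setgroups(1, &gid) != 0)
        return -1;                 /* discard root's supplementary groups */
    if (setgid(gid) != 0)          /* group first: impossible once uid is gone */
        return -1;
    if (setuid(uid) != 0)          /* as root: sets real, effective and saved uid */
        return -1;
    if (!ids_match(uid, gid))      /* confirm the transition actually happened */
        return -1;
    if (setuid(0) == 0 || seteuid(0) == 0)
        return -1;                 /* root was still reachable: treat as failure */
    return 0;
}

int main(void)
{
    /* "mydaemon" is a hypothetical dedicated account created by the package. */
    struct passwd *pw = getpwnam("mydaemon");
    if (pw == NULL) {
        fprintf(stderr, "no such user: mydaemon\n");
        return 1;
    }
    /* Open any devices that still need root here, before dropping. */
    if (drop_privileges(pw->pw_uid, pw->pw_gid) != 0) {
        fprintf(stderr, "failed to drop privileges, refusing to run\n");
        return 1;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

The daemon should exit rather than continue whenever `drop_privileges` returns non-zero, since a partial drop can leave it running with root's groups or saved uid.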

