Off the top of my head: if you made a script to load the daemons and set up /var/run, then chmod a+s on it, it would run with superuser privileges, so you should be able to specify riv as a group when it spawns caed etc.?

On 27 Nov 2013 11:13, Alessio Elmi <[email protected]> wrote:
>
> Hi everybody,
> I have a question on how you manage Linux users related to Rivendell.
> My setup is Debian 7, with Rivendell 2.5.1 installed from Tryphon
> repositories.
>
> Like most of you usually do, I created a specific Linux account for
> Rivendell, 'rivendell' indeed. From a theoretical point of view, as Fred
> always said, this user should be responsible for all Rivendell activities and
> no human account could use it. It must be reported in /etc/rd.conf and it
> should be the owner of /var/snd (mod/own is 0775 rivendell:rivendell).
> I also have a /home/rivendell folder where scripts, reports or db-backups will
> be saved.
>
> My goal now is that Debian automatically logs in as 'guest', a completely
> unprivileged Linux user. It doesn't belong to the 'rivendell' group, and
> therefore it can't be able to edit /var/snd.
>
> For those who use Tryphon init scripts:
> /etc/default/rivendell -> all commented, does nothing (I want to use PAM)
> /etc/init.d/rivendell ->
> ....
> if [ ! -d $PIDDIR ]; then
>     install --directory --mode 04775 --owner=rivendell --group=rivendell /var/run/rivendell
> fi
> ....
> This creates the folder /var/run/rivendell (it works!) with mod/own 775
> rivendell:rivendell as desired.
> Then it checks if I want to use PAM or INIT by reading /etc/default/rivendell.
> As I said, it's all commented, so it exits and does nothing (still no pid
> files/daemons are up).
>
> Now the interesting part. When I run an RD application from the desktop (user
> 'guest') it tries to write its 3 pids in /var/run/rivendell (created with the
> ownership of rivendell) and it fails. But:
> 1) If I chmod 777 /var/run/rivendell it creates daemons -> but under owner
> 'guest', which is bad!
> 2) I need to do:
> su rivendell (enter)
> psw (enter)
> caed (enter)
> ripcd (enter)
> rdcatchd (enter)
> Now I can launch an RD application with the 'guest' user and it works...
> Is this behaviour correct?
> Would it be more correct that each RD application
> could write 3 pid files under the ownership of 'rivendell'?
> How do you manage user permissions and startup daemons?
> Thank you
>
> Alessio
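
The failure mode described in the quoted message (a world-writable /var/run/rivendell, and daemons that end up running as 'guest') can be checked for with a small audit function. This is an added example, not part of the thread and not Rivendell or Tryphon code; the function name audit_piddir is hypothetical, and it assumes Linux with GNU stat and a mounted /proc.

```shell
#!/bin/sh
# Added example: audit a daemon runtime directory such as /var/run/rivendell.
# Usage: audit_piddir [DIR] [USER]  (defaults are the values named in the thread)
# Assumes Linux with GNU stat and /proc.
# Returns 0 if clean, 1 on findings, 2 if DIR is missing.
audit_piddir() {
    dir=${1:-/var/run/rivendell}
    want=${2:-rivendell}
    rc=0
    [ -d "$dir" ] || { echo "MISSING $dir"; return 2; }

    owner=$(stat -c %U "$dir")
    mode=$(stat -c %a "$dir")
    [ "$owner" = "$want" ] || { echo "OWNER $dir owned by $owner, expected $want"; rc=1; }
    # Last octal digit 2, 3, 6 or 7 means "other" has write permission (e.g. 777).
    case "$mode" in
        *[2367]) echo "WORLD-WRITABLE $dir has mode $mode"; rc=1 ;;
    esac

    for f in "$dir"/*.pid; do
        [ -e "$f" ] || continue          # the glob matched nothing
        fowner=$(stat -c %U "$f")
        [ "$fowner" = "$want" ] || { echo "PIDFILE $f owned by $fowner"; rc=1; }
        pid=$(cat "$f" 2>/dev/null)
        case "$pid" in
            ''|*[!0-9]*) echo "BADPID $f does not hold a number"; rc=1; continue ;;
        esac
        if [ -d "/proc/$pid" ]; then
            # On Linux /proc/PID is normally owned by the user the process runs as.
            powner=$(stat -c %U "/proc/$pid")
            [ "$powner" = "$want" ] || { echo "PROCESS $pid runs as $powner"; rc=1; }
        else
            echo "STALE $f points at dead pid $pid"; rc=1
        fi
    done
    return $rc
}
```

Called with no arguments it checks /var/run/rivendell against the 'rivendell' account and prints one line per finding.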
