Hello, Because of the way s6, s6-rc and s6-linux-init tools set up permissions, pretty much every operation that involves the init system, even those that do not change the machine state, must be done with root privileges. Other init systems allow some operations to be done without those privileges. For example, with sysvinit + OpenRC, runlevel, rc-status and 'rc-service describe' can be used by unprivileged users, but shutdown, rc-update and 'rc-service start' cannot. I know that changing group and permissions of specific files and directories allows doing the same with s6 + s6-rc + s6-linux-init. However, the fact that one can do it doesn't necessarily mean that one should. So here are my questions, which are pretty much the same in all cases:
* s6-rc-db: Changing the group of the 'lock' file in a compiled dababase and making it group writable allows the group's members to use the command. s6-rc-db cannot change the database or the service states, so are there any drawbacks to doing this? Is there a better way to use the command without being root? * s6-rc: Changing the group of the 'lock' file in the live state directory, the group of the 'lock' file in the compiled dababase that is currently live, and making both group writable, allows the group's members to use, for example, the 's6-rc -a list' and 's6-rc -a listall' commands, but not the 's6-rc change' command, because permissions in other files and directories still prevent it. So are there any drawbacks to doing this? Is there a better way to use the command in forms that do not change service states without being root? * s6-svdt: Changing the group of the 'supervise' subdirectory of a service directory, and making it group readable, allows the group's members to use the command for the corresponding service. s6-svdt-clear still needs root privileges. So are there any drawbacks to doing this? Is there a better way to use the command without being root? * s6-svstat: This is a tough one. Because the 'control' FIFO in the 'supervise' subdirectory is only user-writable, this command can only be run as root. As far as I can tell, opening the FIFO is needed to check if the supervisor is running, and other daemontools-style supervision suites use a separate FIFO for this purpose, customarily named 'ok'. But changing the file's group and making it group writable also allows using s6-svc without being root. So is there a way to allow using s6-svstat, but not s6-svc, without being root? * Logging directories and kernel environment store: if they don't exist, s6-log creates logging directories with permissions 2700. s6-linux-init with the -s option creates the environment store with permissions 0700. Are there any drawbacks to changing their group to allow more users to read and search those directories? Thanks, G.