| View previous topic :: View next topic |
| Author |
Message |
hjkl
Apprentice
Joined: 22 Apr 2021
Posts: 198
Location: Somewhere in Europe
|
 Posted: Mon Jun 21, 2021 3:27 pm Post subject: Run service as user (equivelant of systemctl --user) |
 |
|
Hi,
I'd like to run a service as my own user instead of systemwide/root user.
Is there any way to do this with Openrc?
I haven't found any way to do so after a bit of research.
Cheers!
_________________
Having problems compiling since 2021  |
|
| Back to top |
|
 |
GDH-gentoo
Veteran
Joined: 20 Jul 2019
Posts: 1530
Location: South America
|
| Posted: Mon Jun 21, 2021 5:20 pm Post subject: |
|
|
systemctl --user sends commands to the per-user systemd process instead of the one that runs as process 1. The fact that services started that way result in corresponding processes running with a non-privileged effective user is just a side effect.
OpenRC doesn't have systemd-like per-user service managers. But you can have the 'system-wide' service manager spawn a process with a non-privileged user, though. start-stop-daemon and supervise-daemon have a --user option for doing that, and service scripts in /etc/init.d that implicitly call those programs (by not defining a start() function) can specify a value for that option by assigning to variable command_user:
or
| Code: | | command_user=user:group |
|
|
| Back to top |
|
|
hjkl
Apprentice
Joined: 22 Apr 2021
Posts: 198
Location: Somewhere in Europe
|
| Posted: Mon Jun 21, 2021 5:37 pm Post subject: |
|
|
| GDH-gentoo wrote: | systemctl --user sends commands to the per-user systemd process instead of the one that runs as process 1. The fact that services started that way result in corresponding processes running with a non-privileged effective user is just a side effect.
OpenRC doesn't have systemd-like per-user service managers. But you can have the 'system-wide' service manager spawn a process with a non-privileged user, though. start-stop-daemon and supervise-daemon have a --user option for doing that, and service scripts in /etc/init.d that implicitly call those programs (by not defining a start() function) can specify a value for that option by assigning to variable command_user:
or
| Code: | | command_user=user:group |
|
So I'd edit the /etc/init.d/<service> file and add that to the top of the file?
_________________
Having problems compiling since 2021 |
|
| Back to top |
|
|
GDH-gentoo
Veteran
Joined: 20 Jul 2019
Posts: 1530
Location: South America
|
| Posted: Mon Jun 21, 2021 5:41 pm Post subject: |
|
|
| fullbyte wrote: | | So I'd edit the /etc/init.d/<service> file and add that to the top of the file? |
What you do depends on the particular service script. Does it have a start() function? If no, does it have an assignment to variables command, command_args, command_background and/or supervisor? |
|
| Back to top |
|
|
hjkl
Apprentice
Joined: 22 Apr 2021
Posts: 198
Location: Somewhere in Europe
|
| Posted: Tue Jun 22, 2021 11:52 am Post subject: |
|
|
| GDH-gentoo wrote: | | fullbyte wrote: | | So I'd edit the /etc/init.d/<service> file and add that to the top of the file? |
What you do depends on the particular service script. Does it have a start() function? If no, does it have an assignment to variables command, command_args, command_background and/or supervisor? |
Well, it's the MPD service:
| Code: |
#!/sbin/openrc-run
# Copyright 1999-2020 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
: CFGFILE=${CFGFILE:=/etc/mpd.conf}
depend() {
need localmount
use net netmount nfsmount alsasound esound pulseaudio
config ${CFGFILE}
}
get_config() {
x=$1
test -e ${CFGFILE} || return 1
sed -n \
-e '/^[ \t]*'${x}'/{s:^[ \t]*'${x}'[ \t]\+"\?\([^#"]\+\)[^"]*"\?$:\1: ; p }' \
${CFGFILE}
}
extra_started_commands='reload'
# Required by io_uring
rc_ulimit="-l 65535"
command=/usr/bin/mpd
command_args=${CFGFILE}
required_files=${CFGFILE}
pidfile=$(get_config pid_file)
description="Music Player Daemon"
reload() {
ebegin "Reloading ${RC_SVCNAME}"
start-stop-daemon --pidfile ${pidfile} --signal HUP
eend $?
}
|
_________________
Having problems compiling since 2021 |
|
| Back to top |
|
|
GDH-gentoo
Veteran
Joined: 20 Jul 2019
Posts: 1530
Location: South America
|
| Posted: Tue Jun 22, 2021 5:29 pm Post subject: |
|
|
| Oh. But that is a package from Gentoo's repository, and I see that the configuration file that it installs as /etc/mpd.conf already tells mpd to drop privileges and run as user mpd. You are not supposed to change anything then, why do you want to? |
|
| Back to top |
|
|
|
Other Things Gentoo
