Re: Getting a daemon off uid root
On Fri, Feb 21, 2003 at 07:21:39PM +0100, Thomas Viehmann wrote:
> After trying some web searching as well as some attempts at learning from
> example by looking at sources of current packages.
>
> I'd like to get some advice as to what the best solution for running a daemon as
> not as root might be.
OK, I look after lprng which doesn't stay as root.
> I need the following three on startup which seem to keep me from not starting
> out as root:
> - open devices (in my case tty?, ttyUSB?)
Generally devices can be opened as root or you can use a group and then
make it rw for the group.
> - open syslog (and/or logfile)
syslog(3) doesn't need superuser. Log files can be handled like the
/var/run stuff below.
> - write pidfile
> In particular, I don't know how to write my pidfile under /var/run without being
> root.
Ah yes, and you can have some chicken and egg problems here especialy if
there is forking.
Create a directory /var/run/yourpackage/ and make the user or group
writeable.
> If there isn't any way, is there documentation/good example on how to shed the
> root privilege after starting? Is a simple setresuid/gid to nobody/nogroup enough?
nobody/nogroup is often a bad idea and is an evil remnant of Ye Olde
Unix. Far better to make it a uidi gid for itself, which is what most
daemons do now.
If paranoid, you might like to check your uid and gid after you have set
them, to make sure the transistion actually happened.
- Craig
--
Craig Small VK2XLZ GnuPG:1C1B D893 1418 2AF4 45EE 95CB C76C E5AC 12CA DFA5
Eye-Net Consulting http://www.enc.com.au/ <csmall@enc.com.au>
MIEEE <csmall@ieee.org> Debian developer <csmall@debian.org>
Reply to: