DaemonForums  

#1
8th November 2008
phreud
Run daemon as other user than root

I've installed utserver (Unreal Tournament game server) from ports. It also installed a startscript in /usr/local/etc/rc.d/ucc

Code:
# $FreeBSD: ports/games/utserver/files/ucc.in,v 1.3 2006/09/18 14:01:15 rafan Exp $
#
# PROVIDE: ucc
# REQUIRE: DAEMON
#
# Add the following line to /etc/rc.conf[.local] to enable ucc
#
# ucc_enable (bool):            Set to "NO" by default.
#                               Set it to "YES" to enable ucc.

. /etc/rc.subr

name="ucc"
rcvar=${name}_enable

load_rc_config $name

: ${ucc_enable="NO"}
: ${ucc_config="server.ini"}
: ${ucc_logfile="/dev/null"}
: ${ucc_map="dm-Hyperblast"}
: ${ucc_pidfile="/var/run/ucc.pid"}

pidfile=${ucc_pidfile}
command="/usr/local/ut-server/System/ucc-bin"
command_args="server \"${ucc_map}\" ini=${ucc_config}"
start_cmd="ucc_startcmd"

ucc_startcmd()
{
    if [ -z "$rc_fast" -a -n "$rc_pid" ]; then
        echo "${name} already running? (pid=$rc_pid)."
        return 1
    fi
    echo Starting ${name}.
    if [ ! -x /usr/sbin/daemon ]; then
        err 1 "/usr/sbin/daemon required"
    fi
    if ! /usr/sbin/daemon 2>&1 | grep pidfile > /dev/null; then
        err 1 "/usr/sbin/daemon with -p option required"
    fi
    if ! kldstat -v | grep -E 'linux(aout|elf)' > /dev/null; then
        err 1 "Linux support required"
    fi
    cd /usr/local/ut-server/System/
    cmd="/usr/sbin/daemon -p ${ucc_pidfile} ${command} ${command_args}"
    if [ -n "$ucc_user" ]; then
        cmd="su -m $ucc_user -c '$cmd'"
    fi
    # Redirect stdout to the log first, then point stderr at it, so both are logged.
    eval "$cmd >> ${ucc_logfile} 2>&1"
}
After putting ucc_enable="YES" in /etc/rc.conf the server starts up fine on boot. However, it runs as root. How can I change this to something else (user nobody maybe)?

#2
8th November 2008
TerryP

Well, this might be a lazy way of doing it, but looking at the script, you might try setting ucc_user to the desired user name.
__________________
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.

#3
8th November 2008
phreud

I tried that but got some permission error concerning the pid file. I didn't look into it too much though. I thought this would be a common task for daemons in /etc/rc.conf.

#4
9th November 2008
robbak
Real Name: Robert Backhaus

Hmm, yes, it would.
You will also have to set ucc_pidfile to a location that is writable to the user that you want to use. The standard location, /var/run, is writable by root only.

By the way, I would not use 'nobody' as the user. With the various system processes that tend to run as 'nobody', 'nobody' can become quite a privileged user!
Create a new user and use that. Use /sbin/nologin as its shell, and /dev/null as its home, and it won't cause any security problems.
__________________
The only dumb question is a question not asked.
The only dumb answer is an answer not given.

#5
9th November 2008
phreud

Thanks! I did what you said and got it working. I created a user utserver with shell nologin and nonexistent for home. I also created /var/run/utserver (chown utserver:utserver) where the pid file goes.

I really only have two more thoughts:

1) After making the changes, when starting the server, two processes are created. I'm not sure why?

ps -uA
Code:
.
.
utserver  2271  0.0  1.5 32568 29984  ??  Ss    3:30AM   0:08.12 /usr/local/ut-server/System/ucc-bin server ctf-Niven?game=botpack.ctfgame?mutator=ZPPure7G.Accugib ini=server.in
utserver  2273  0.0  1.5 32568 29984  ??  S     3:30AM   0:00.00 /usr/local/ut-server/System/ucc-bin server ctf-Niven?game=botpack.ctfgame?mutator=ZPPure7G.Accugib ini=server.in
.
.
Using /usr/local/etc/rc.d/ucc stop kills them both though.

2) All files in /usr/local/ut-server/ are owned by root. Should I change this as well to the utserver user, and if so, do I need to alter any rights?

#6
9th November 2008
reario

Why not just run it in a jail if security is your concern?
V.

#7
9th November 2008
robbak

Not unless utserver needs to write to them. It should not, if it is well behaved.

If you get permission denied errors while running it, then chown the files that it needs to change. You are best leaving as much as you can read-only.

Sounds like you've got things running well. Many servers fork off new processes, so that looks fine as well. (All I'm thinking is 'Only 2? Most of them fork off 4 or 5!')

And lastly, yes, jails are good things. Take a look at them.
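
The advice above to leave the install tree read-only, and the dedicated pid directory from post #5, can both be checked with a short script. This is an added example, not part of the thread or the utserver port; the function names writable_by and pid_dir_ok are hypothetical, and the check looks only at owner, group and mode bits (no ACLs, no supplementary groups).

```shell
#!/bin/sh
# Added example (not from the thread or the utserver port).
# Function names are hypothetical; uid and gid are passed as numbers.

# writable_by DIR UID GID
# Print every file and directory under DIR that the account could modify:
#   - anything it owns (an owner can always chmod write access back on),
#   - anything group-writable by its primary group,
#   - anything world-writable.
# Symlinks are skipped because their mode bits are not meaningful.
writable_by() {
    find "$1" ! -type l \( \
        -user "$2" -o \
        \( -group "$3" -perm -020 \) -o \
        -perm -002 \
    \) -print
}

# pid_dir_ok DIR UID
# Succeed only if DIR is a directory owned by UID that is neither
# group-writable nor world-writable, so no other unprivileged account
# can create or replace the pid file in it.
pid_dir_ok() {
    [ -n "$(find "$1" -prune -type d -user "$2" \
        ! -perm -020 ! -perm -002 -print)" ]
}

# Usage on the host from the thread (account and paths as in post #5):
#   writable_by /usr/local/ut-server "$(id -u utserver)" "$(id -g utserver)"
#   pid_dir_ok /var/run/utserver "$(id -u utserver)" || echo "fix pid dir"
```

An empty listing from writable_by means a compromised game server process cannot alter its own binaries or configuration; chowning the whole tree to the service user would make every path show up.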

#8
10th November 2008
phreud

Thanks for all your help! I think I'm pretty happy with how the setup is working now.

About forking off processes: a friend of mine is running the same setup on a Debian powered server and he's getting just one process. Could that differ between FreeBSD and Debian?

I think I found out what is causing the second process to be started though, and it's a package loaded by the ut-server. If I don't load it, I just get the one process. I'll try and contact the author of that package and see what he has to say.

Thanks again. Much appreciated.

#9
11th November 2008
robbak

It may be the way ps works - I don't know all the details, but on some systems ps shows both parent processes and children, on others ps shows only parent processes, unless various options are set.

Not sure if that applies here though, but it is a possibility.