[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Proposal] switching user and group id
From: |
Jan-Henrik Haukeland |
Subject: |
Re: [Proposal] switching user and group id |
Date: |
01 May 2003 01:38:12 +0200 |
User-agent: |
Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Civil Service) |
Jan-Henrik Haukeland <address@hidden> writes:
> I was starting a program the other day from monit. The program should
> run as a special user but does not switch to a new uid and gid like
> apache does. So if monit is run by root the program also runs as the
> root user. It occured to me that switching uid (and gid) can be done
> by monit.
>
> Before monit starts a program it fork of a new process and in this
> process the uid/gid could be changed before monit starts the program.
I have added this feature to the cvs repository and it works fine. If
anyone wants to check it out before the next release you can checkout
the latest monit release from cvs (the latest code also include state
fullness and soon Martins promising file/directory/device check). How
to check out the latest monit code from CVS is explained on this page:
http://savannah.nongnu.org/cvs/?group=monit
Here's an excerpt from the man file:
This example demonstrate how you can run a program as a specified user
(uid) and with a specified group (gid). Many daemon programs will do
the uid and gid switch by itself, but for those programs that does not
(e.g. java programs), monit's ability to start a program as a certain
user can be very useful. In this example we start the Tomcat Java
Servlet Engine as the standard nobody user and group. Please note that
monit will only change uid and gid for a program if the super-user is
running monit, otherwise monit will simply ignore the request to
change uid and gid.
check tomcat with pidfile /var/run/tomcat.pid
start program = "/etc/init.d/tomcat start"
as uid nobody and gid nobody
stop program = "/etc/init.d/tomcat stop"
# You can also use id numbers instead and write:
as uid 99 and with gid 99
port 8080
--
Jan-Henrik Haukeland
- [Proposal] switching user and group id, Jan-Henrik Haukeland, 2003/04/08
- Re: [Proposal] switching user and group id, Martin Pala, 2003/04/09
- Re: [Proposal] switching user and group id, Jani Mikkonen, 2003/04/10
- Re: [Proposal] switching user and group id, Jan-Henrik Haukeland, 2003/04/10
- Re: [Proposal] switching user and group id, Jani Mikkonen, 2003/04/10
- Re: [Proposal] switching user and group id, Christian Hopp, 2003/04/10
- Re: [Proposal] switching user and group id, Jan-Henrik Haukeland, 2003/04/22
- Re: [Proposal] switching user and group id, Martin Pala, 2003/04/22
Re: [Proposal] switching user and group id,
Jan-Henrik Haukeland <=