Board index Solaris

How to run a program at startup but not as root.

How to run a program at startup but not as root.

Post by Bubba Gum » Wed, 26 Jun 2002 14:45:12



This might be a really simple question, but please do not laugh at me
because I am relatively new to UNIX/SOLARIS.  

On my Sun Ultra30, running Solaris 9, I am running an iroffer bot (a
type of irc bot).  I would like this to be automatically loaded at
startup.  It seems that a script in the /etc/rc3.d directory would do
this, but I am concerned about security.  Does this mean that the
process would be executed as root?  Is this a bad thing?  I remember
compiling Apache and they somehow set it up so apache had its own
un-logginable account that was not at the root level.  If there are
any materials that will assist me with this, please direct me to them.

Thanks,

Geoff

 
 
 
Top

How to run a program at startup but not as root.

Post by chuc » Wed, 26 Jun 2002 16:06:59



>  I remember
> compiling Apache and they somehow set it up so apache had its own
> un-logginable account that was not at the root level.  If there are
> any materials that will assist me with this, please direct me to them.

> Thanks,

> Geoff

Read: man su, man passwd, man useradd

Do: su "some_locked_account" -c "your command line and arguements go here"

Quote:> logfile 2 >&1

Should do the trick. The last bit captures any output into logfile, which
should reside somewhere like /var/log or /var/adm.

By default all the rc scripts run as root, but you can do this inside the
script.

Run iroffer in background mode or you will hang the boot process.

See also
http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?id=advi...

In fact I would advise you to search "iroffer security" in your favourite
engine and read the materials.
That was just the first result. Be aware that many sites will block IRC
file transfers because of these concerns, though.

Chuck

 
 
 
Top

How to run a program at startup but not as root.

Post by Joe Blogg » Wed, 26 Jun 2002 16:39:27



Quote:> This might be a really simple question, but please do not laugh at me
> because I am relatively new to UNIX/SOLARIS.

> On my Sun Ultra30, running Solaris 9, I am running an iroffer bot (a
> type of irc bot).  I would like this to be automatically loaded at
> startup.  It seems that a script in the /etc/rc3.d directory would do
> this, but I am concerned about security.  Does this mean that the
> process would be executed as root?  Is this a bad thing?  I remember
> compiling Apache and they somehow set it up so apache had its own
> un-logginable account that was not at the root level.  If there are
> any materials that will assist me with this, please direct me to them.

The 'su' command allows you to pass a username and a command to be run, so
just make use of this facility in your /etc/rc3.d/S90irc script.
 
 
 
Top

How to run a program at startup but not as root.

Post by Bubba Gum » Wed, 26 Jun 2002 23:30:08


I now have this script S91iroffer:

#!/sbin/sh
#This script automattically runs iroffer at startup and
#gives it priviledges under the "music" account..
su music -c /export/home/music/iroffer1.2b13/iroffer -b
/export/home/music/iroffer1.2b13/mybot.txt > logfile 2>&1

Whenever I run this I get a segmentation fault.  If I make a similar
script that does not have the su command, having already su-ed to the
user music, it works fine.  Does su -c set up some kind of protected
memory that iroffer is going outside of?

Thanks,

Geoff




>>  I remember
>> compiling Apache and they somehow set it up so apache had its own
>> un-logginable account that was not at the root level.  If there are
>> any materials that will assist me with this, please direct me to them.

>> Thanks,

>> Geoff

>Read: man su, man passwd, man useradd

>Do: su "some_locked_account" -c "your command line and arguements go here"
>> logfile 2 >&1

>Should do the trick. The last bit captures any output into logfile, which
>should reside somewhere like /var/log or /var/adm.

>By default all the rc scripts run as root, but you can do this inside the
>script.

>Run iroffer in background mode or you will hang the boot process.

>See also
>http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?id=advi...

>In fact I would advise you to search "iroffer security" in your favourite
>engine and read the materials.
>That was just the first result. Be aware that many sites will block IRC
>file transfers because of these concerns, though.

>Chuck

 
 
 
Top

How to run a program at startup but not as root.

Post by Bubba Gum » Thu, 27 Jun 2002 03:23:08


Thanks everyone.  I got it to work now.  It must have been just
something little that I was doing stupidly.  

Geoff



>I now have this script S91iroffer:

>#!/sbin/sh
>#This script automattically runs iroffer at startup and
>#gives it priviledges under the "music" account..
>su music -c /export/home/music/iroffer1.2b13/iroffer -b
>/export/home/music/iroffer1.2b13/mybot.txt > logfile 2>&1

>Whenever I run this I get a segmentation fault.  If I make a similar
>script that does not have the su command, having already su-ed to the
>user music, it works fine.  Does su -c set up some kind of protected
>memory that iroffer is going outside of?

>Thanks,

>Geoff




>>>  I remember
>>> compiling Apache and they somehow set it up so apache had its own
>>> un-logginable account that was not at the root level.  If there are
>>> any materials that will assist me with this, please direct me to them.

>>> Thanks,

>>> Geoff

>>Read: man su, man passwd, man useradd

>>Do: su "some_locked_account" -c "your command line and arguements go here"
>>> logfile 2 >&1

>>Should do the trick. The last bit captures any output into logfile, which
>>should reside somewhere like /var/log or /var/adm.

>>By default all the rc scripts run as root, but you can do this inside the
>>script.

>>Run iroffer in background mode or you will hang the boot process.

>>See also
>>http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?id=advi...

>>In fact I would advise you to search "iroffer security" in your favourite
>>engine and read the materials.
>>That was just the first result. Be aware that many sites will block IRC
>>file transfers because of these concerns, though.

>>Chuck

 
 
 
Top

1. run a non-root user's program from a non-root user

Hi Folks,

Here is the problem.

I have user A and user B (non-root users)

I need for user A to initiate a job as user B. How can this be done?

As you know, I can do this as root. I can start a process from root as
another user in the system (cron jobs come to my mind!) Is there a way
to do this for non-root users? I believe I need to be able to do
something like  as user A
"su - B" without being prompted for password.

Appreciate suggestions in advance.

Pasha

BTW: I am using AIX 4.3.10

2. DLT Drives / stinit

3. Running a startup script as a user other than root

4. ibcs and personality.h

5. How to run a non root process at startup ?

6. Dynamic loader symbol resolution order

7. Executing programs as user other than root on startup??

8. Success w/Linux 1.2.3 & Win95!

9. redhat 7.3 - add new startup program (root)

10. Setting up programs to run at startup.

11. running a program at startup

12. where is the file that runs startup programs?

13. Run a Java program at Startup.


All times are UTC
Board index