How to run a command as a specific user in an init script?
Solution 1
On RHEL systems, the /etc/rc.d/init.d/functions
script is intended to provide similar to what you want. If you source that at the top of your init script, all of it's functions become available.
The specific function provided to help with this is daemon
. If you are intending to use it to start a daemon-like program, a simple usage would be:
daemon --user=username command
If that is too heavy-handed for what you need, there is runuser
(see man runuser
for full info; some versions may need -u
prior to the username):
/sbin/runuser username -s /bin/bash -c "command(s) to run as user username"
Solution 2
For systemd style init scripts it's really easy. You just add a User= in the [Service] section.
Here is an init script I use for qbittorrent-nox on CentOS 7:
[Unit]
Description=qbittorrent torrent server
[Service]
User=<username>
ExecStart=/usr/bin/qbittorrent-nox
Restart=on-abort
[Install]
WantedBy=multi-user.target
Solution 3
If you have start-stop-daemon
start-stop-daemon --start --quiet -u username -g usergroup --exec command ...
Solution 4
Instead of sudo, try
su - username command
In my experience, sudo is not always available on RHEL systems, but su is, because su is part of the coreutils package whereas sudo is in the sudo package.
Solution 5
I usually do it the way that you are doing it (i.e. sudo -u username command). But, there is also the 'djb' way to run a daemon with privileges of another user. See: http://thedjbway.b0llix.net/daemontools/uidgid.html
ddario
Updated on July 02, 2020Comments
-
ddario almost 4 years
I'm writing an init script which is supposed to execute a single command as a user different than root. This is how I'm doing it currently:
sudo -u username command
This generally works as expected on Ubuntu/Debian, but on RHEL the script which is executed as the
command
hangs.
Is there another way to run the command as another user?
(Note that I can't use lsb init functions as they're not available on RHEL/Centos 5.x.) -
ddario almost 11 yearsIt's not available in RHEL 5.
-
Ansgar Wiechers almost 11 years@ddario
start-stop-daemon
is a Debian-ism. -
Justin C almost 10 yearsI tried this, but it requires a password for the service user, which I don't intend to ever set.
sudo -u <username> <command>
on the other hand, does not. Note that I run these with my user account, not a root account. -
spuder over 9 yearssudo wont work if
requiretty
is set in /etc/sudoers (the default in cent 6, 7 and fedora 20). -
birgersp over 9 yearsSame problem here, cant user su because it requires a password. So what is the best approach for this? Noone seems to have a proper answer :(
-
bmaupin over 8 yearsThis is what worked for me on RHEL 6. I also used the -m flag to preserve environment variables:
su -m username command
-
Richlv almost 8 yearsat least on RHEL6,
runuser
does not accept the-u
parameter and one would run it just like this:runuser username -s /bin/bash -c "command"
-
Alberto de Paola over 7 yearsYou can use
daemon
, as @lagweezle pointed out in his/her answer. By the way, it should be the accepted answer. -
Hustlion about 7 yearsFor Centos 7, also should not use
-u
or the command fails. And/sbin/runuser username -s /bin/bash -c "command"
works. -
David over 6 yearssystemd may be controversial but this is certainly a nice convenience. I am going to do this for my (hashicorp) vault server process. thanks.
-
LOAS over 6 yearsI don't really keep up with linux dev drama :) I have just found systemd easy to deal with since centos adopted it. I am never going back to the mess that preceded it :)
-
Tanky Woo over 5 years
-u/--user
is for checking, you should add-c/--chuid
: Change to this username/uid before starting the process -
J. Titus over 3 yearsFor anyone dealing with the error
options --(shell,fast,command,session,session-command,login) and --user are mutually exclusive
, the following format worked for me:runuser -u username -- command
-
Eradicatore about 3 yearsThanks @lagweezle, this seems like it will work for me for my starting of the command, what's the best way to stop that daemon? in the stop part of my init.d script?