How to run a command as a specific user in an init script?

linux bash centos init rhel
164,748

Solution 1

On RHEL systems, the /etc/rc.d/init.d/functions script is intended to provide similar to what you want. If you source that at the top of your init script, all of it's functions become available.

The specific function provided to help with this is daemon. If you are intending to use it to start a daemon-like program, a simple usage would be:

daemon --user=username command

If that is too heavy-handed for what you need, there is runuser (see man runuser for full info; some versions may need -u prior to the username):

/sbin/runuser username -s /bin/bash -c "command(s) to run as user username"

Solution 2

For systemd style init scripts it's really easy. You just add a User= in the [Service] section.

Here is an init script I use for qbittorrent-nox on CentOS 7:

[Unit]
Description=qbittorrent torrent server

[Service]
User=<username>
ExecStart=/usr/bin/qbittorrent-nox
Restart=on-abort

[Install]
WantedBy=multi-user.target

Solution 3

If you have start-stop-daemon

start-stop-daemon --start --quiet -u username -g usergroup --exec command ...

Solution 4

Instead of sudo, try

su - username command

In my experience, sudo is not always available on RHEL systems, but su is, because su is part of the coreutils package whereas sudo is in the sudo package.

Solution 5

I usually do it the way that you are doing it (i.e. sudo -u username command). But, there is also the 'djb' way to run a daemon with privileges of another user. See: http://thedjbway.b0llix.net/daemontools/uidgid.html

Share:
164,748
ddario
Author by

ddario

Updated on July 02, 2020

Comments

  • ddario
    ddario almost 4 years

    I'm writing an init script which is supposed to execute a single command as a user different than root. This is how I'm doing it currently:
    sudo -u username command

    This generally works as expected on Ubuntu/Debian, but on RHEL the script which is executed as the command hangs.
    Is there another way to run the command as another user?
    (Note that I can't use lsb init functions as they're not available on RHEL/Centos 5.x.)

  • ddario
    ddario almost 11 years
    It's not available in RHEL 5.
  • Ansgar Wiechers
    Ansgar Wiechers almost 11 years
    @ddario start-stop-daemon is a Debian-ism.
  • Justin C
    Justin C almost 10 years
    I tried this, but it requires a password for the service user, which I don't intend to ever set. sudo -u <username> <command> on the other hand, does not. Note that I run these with my user account, not a root account.
  • spuder
    spuder over 9 years
    sudo wont work if requiretty is set in /etc/sudoers (the default in cent 6, 7 and fedora 20).
  • birgersp
    birgersp over 9 years
    Same problem here, cant user su because it requires a password. So what is the best approach for this? Noone seems to have a proper answer :(
  • bmaupin
    bmaupin over 8 years
    This is what worked for me on RHEL 6. I also used the -m flag to preserve environment variables: su -m username command
  • Richlv
    Richlv almost 8 years
    at least on RHEL6, runuser does not accept the -u parameter and one would run it just like this: runuser username -s /bin/bash -c "command"
  • Alberto de Paola
    Alberto de Paola over 7 years
    You can use daemon, as @lagweezle pointed out in his/her answer. By the way, it should be the accepted answer.
  • Hustlion
    Hustlion about 7 years
    For Centos 7, also should not use -u or the command fails. And /sbin/runuser username -s /bin/bash -c "command" works.
  • David
    David over 6 years
    systemd may be controversial but this is certainly a nice convenience. I am going to do this for my (hashicorp) vault server process. thanks.
  • LOAS
    LOAS over 6 years
    I don't really keep up with linux dev drama :) I have just found systemd easy to deal with since centos adopted it. I am never going back to the mess that preceded it :)
  • Tanky Woo
    Tanky Woo over 5 years
    -u/--user is for checking, you should add -c/--chuid: Change to this username/uid before starting the process
  • J. Titus
    J. Titus over 3 years
    For anyone dealing with the error options --(shell,fast,command,session,session-command,login) and --user are mutually exclusive, the following format worked for me: runuser -u username -- command
  • Eradicatore
    Eradicatore about 3 years
    Thanks @lagweezle, this seems like it will work for me for my starting of the command, what's the best way to stop that daemon? in the stop part of my init.d script?

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

BASH - Delete files older than 3 months?
How do I write pid to file
Cronjob to check and restart service if dead
Linux Yum Fatal Python error: pycurl: libcurl link-time version is older than compile-time version
How to get percentage of processor use with bash?
How to stop Fork Bomb out of memory error - RHEL 6
NginX + PHP-FPM displays blank php pages
Why does redirection (>) not work sometimes but appending (>>) does?
Have script run on very first startup of new CentOS 7 VM clone
-bash-4.2$ for command line?