Redhat init script best practice
7,931
Solution 1
You can just su
.
You won't need the password because the script will initally be running as root.
There's also the runuser
command.
If you use /etc/init.d/functions
you can use the daemon
function which has an option for specifying the user to run as.
I'd personally sway towards the latter all other things being equal.
Solution 2
If you write a redhat-style init script, the daemon
function has a --user
option.
daemon --user=$runasuser --pidfile="$PIDFILE" $yourbinary $youroptions
Related videos on Youtube
Comments
-
Garry Harthill over 1 year
I want to write an init service script which runs the program as a particular user (and not root). I will then chkconfig this script and install into my production run level.
I could just put a su command in the script but I was wondering if there is a best practise of doing this.
Thanks, Garry
-
codebyren almost 15 yearsIf using sudo, you'd want to add the -u <run as user> and consider using the NOPASSWD option for that user/command combination.
-
Garry Harthill almost 15 yearsWell it's currently been run as root so su doesn't require any password (editing of /etc/sudoers will allow sudo to run with a password as well). But is this the preferred method? We have some in-house developed software which I want to write service scripts for. I don't want this software to be run as root though (for obvious reasons).
-
Govindarajulu almost 15 yearsI strongly advise against using sudo in init scripts. sudo is meant for users to do stuff without knowing the root password. Since an init script is run as root anyway, there is no need to use sudo. Sudo will only needlessly complicate things.
-
Govindarajulu almost 15 yearsThis a the prefered solution: stay as close as possible to the way the OS provided initscripts work. Use /etc/init.d/functions. It'll even provide you with green OK and red FAIL messages when starting the initscript.
-
spuder over 9 yearsUsing sudo in an init script will fail if
requiretty
is enabled in /etc/sudoers (on by default in cent 6 and cent 7)github.com/influxdb/influxdb/issues/800 -
Felipe Alvarez about 8 yearsYou think echo-ing the password is best practice?