Are all scripts loaded as root

[hugsbrugs]

Hello,

I can use forever-service and thanks for that but I need some server script not to be runned as root but as www-data user. How can I acheive this ?

I've tried to install forever-service as non root user but it does not work, certainly because for creating linux service, we need to be root ...

[arvind-agarwal]

forever-service runs in root, and invokes the nodejs script also in root privileges. To drop privileges in your specific script i would suggest using process.setuid or process.setgid, this is allows you to do initialization in root environment but then continue running as non-root.

https://thomashunter.name/blog/drop-root-privileges-in-node-js/

Also following para explains what happens when you call setuid with root privileges. (http://man7.org/linux/man-pages/man2/setuid.2.html) The setuid() function checks the effective user ID of the caller and if it is the superuser, all process-related user ID's are set to uid. After this has occurred, it is impossible for the program to regain root privileges.

I am planning to support specific uid to launch in future (no ETA), however for that specific uid support also needs to be added in forever cli (internally forever-monitor does support it).

Hope this would work for you.

[christophberlin]

+100 on this feature.

[mplatt]

+1

[mr-moon]

+100 from me as well.

[dkashkin]

+1

[arvind-agarwal]

I have added support for run as user in 0.5.0. (-r user)

NOTE: This is still experimental, I need some volunteers to test this in various environments.

This is functional only for init.d scripts. Upstart script for Ubuntu is not yet supported for runasuser.

[houmark]

@arvind-agarwal I owe you some time, and the least I can do is providing some testing feedback on this nice feature.

I am testing this on Amazon Linux AMI FWIW, and will provide some feedback after a few restarts.

Installing went fine for the first service I'm testing with and it shows up for the ec2-user so all seems to be good so far.

[houmark]

After more testing including some reboots, I can confirm that running with the -r option for the ec2-user on Amazon Linux works completely as expected.

[arvind-agarwal]

Thanks @houmark I am now looking for volunteers from other platforms (Amazon Linux seems to be working well).

[steve-taylor]

I would rather have forever-service use systemd instead of upstart if that's what it takes to get the -r option to work on Ubuntu.

[robkorv]

Ubuntu 14.04 doesn't support systemd and Ubuntu 15.04 doesn't support upstart. It says here that you can switch, which will probably break your system. Does anybody know if you can use them side by side?

I've been playing around with Ubuntu 14.04 and forever-service after reading http://upstart.ubuntu.com/cookbook/#ensure-a-directory-exists-before-starting-a-job and http://upstart.ubuntu.com/cookbook/#run-a-job-as-a-different-user.

So far nothing successful but for Ubuntu 14.04 this should be the way to go:

• create the log file, chmod and chown it with the correct user:group and file permissions on pre-start
• exec all commands trough the correct user

@arvind-agarwal do you have any tips on how to debug the upstart script?