Anthony Baker | 1 Dec 2004 02:06

Invoking runsvctrl as non-root

I'm running into a permissions issue trying to invoke runsvctrl as a
non-root user:

$ runsvctrl d .
runsvctrl: warning: .: unable to open supervise/control: access denied

I'm using runit-1.0.5 on a solaris8 system to supervise a java server
process.  runsv is being spawned automatically by the runsvdir-start
script.  The run script switches to a non-root user (via chpst).  I need
this user to be able to bring the server process up and down.

Invoking runsvctrl/runsvstat as root works beautifully, of course.

Any ideas?

TIA,
Anthony

Charles Duffy | 1 Dec 2004 04:03

Re: Invoking runsvctrl as non-root

On Tue, 30 Nov 2004 17:06:46 -0800, Anthony Baker wrote:

> I'm running into a permissions issue trying to invoke runsvctrl as a
> non-root user

As the message implies, you need to give some permissions to the
user you want to allow runsvctrl and runsvstat -- most particularly, write
access to the socket ./supervise/control and read access to ./supervise/ok
and ./supervise/status.

As an aside, I find that this sort of thing is easier if you
have POSIX ACLs available.

Charlie Brady | 1 Dec 2004 06:17

Re: Cross compiling for VIA C3?


On Mon, 22 Nov 2004, Gerrit Pape wrote:

> Yes, the runit package's build process (just as the daemontools' one)
> includes some tests to configure system dependencies.  This includes
> three runtime tests where a test program is compiled, linked, and then
> run.  These runtime tests obviously won't work when cross-compiling.
> 
> More precisely it's the targets hasshsgr.h:, iopause.h:, and uint64.h:,
> in the Makefile which test setgroups(), poll(), and the size of uint64,
> to select *.h1 or *.h2 respectively.  You can compile and link the test
> programs, and then run them on the target device to check the exit code
> and choose the correct header.

Once you learn (or guess) the correct header files to use, you can fully 
script the build process. The only trick is creating the required header 
files at the right time. Here is my build script for a cross-compile of 
runit (for mipsel linux on i386):

make clean
echo $GCC -O -Wall > conf-cc
echo $GCC -s > conf-ld
make compile load choose
cat iopause.h1 > iopause.h
cat uint64.h1 > uint64.h
make chkshsgr
cat hasshsgr.h1 > hasshsgr.h
make


Ian Stokes-Rees | 1 Dec 2004 10:03

Re: Invoking runsvctrl as non-root

Hi,

Charles Duffy wrote:
>>I'm running into a permissions issue trying to invoke runsvctrl as a
>>non-root user
> 
> As the message implies, you need to give some permissions to the
> user you want to allow runsvctrl and runsvstat -- most particularly, write
> access to the socket ./supervise/control and read access to ./supervise/ok
> and ./supervise/status.

Put another way, I have seen this happen when I start a service as root, 
which then creates directories, files and sockets which *only* root can 
read and write, and then I want to control that same service with a 
non-root user.  I think this actually goes for *any* change between the 
first user to invoke runit commands on a service and subsequent users.

The trick is to manually change the access permissions, so other users 
can access the service.  Make sure they are the users you want to be 
able to access the service!  I am pretty sure those permissions will 
stick and runit won't overwrite them, unless the 
directories/files/sockets are deleted and re-created.  UMASK might come 
into play here, but I'm not sure.

HTH,

Ian.
-- 
Ian Stokes-Rees              i.stokes-rees <at> physics.ox.ac.uk
Particle Physics, Oxford     http://grid.physics.ox.ac.uk/~stokes

Anthony Baker | 1 Dec 2004 17:10

Re: Invoking runsvctrl as non-root

On Wed, 2004-12-01 at 01:03, Ian Stokes-Rees wrote:
> >>I'm running into a permissions issue trying to invoke runsvctrl as a
> >>non-root user
> > 
> > As the message implies, you need to give some permissions to the
> > user you want to allow runsvctrl and runsvstat -- most particularly, write
> > access to the socket ./supervise/control and read access to ./supervise/ok
> > and ./supervise/status.
> 
> The trick is to manually change the access permissions, so other users 
> can access the service.  Make sure they are the users you want to be 
> able to access the service!  I am pretty sure those permissions will 
> stick and runit won't overwrite them, unless the 
> directories/files/sockets are deleted and re-created.  UMASK might come 
> into play here, but I'm not sure.
> 
Thanks for the suggestions, a "chown" in the run script prior to exec
did the trick.

Anthony
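
The access discussed in this thread, scoped to one group instead of opened to everyone, as an added example that is not part of any poster's message. The function names and the group passed in are assumptions; the modes follow the list in Charles Duffy's reply, plus search permission on the supervise directory so the group can reach the files.

```shell
#!/bin/sh
# Added example, not code from the thread or from runit.
# Function names are hypothetical; SVCDIR and GROUP are supplied by the caller.

# perm_string PATH -> the 10-character type/mode field from ls, e.g. "prw--w----"
perm_string() {
    ls -ld "$1" | cut -c1-10
}

# grant_group_control SVCDIR GROUP
# Give GROUP the access listed in the reply and remove all access for "other".
grant_group_control() {
    svc=$1 grp=$2
    sup="$svc/supervise"
    [ -d "$sup" ] || { echo "no supervise directory in $svc" >&2; return 1; }
    chgrp "$grp" "$sup" "$sup/control" "$sup/ok" "$sup/status" || return 1
    chmod g=x,o= "$sup" || return 1              # search only: no listing, no creating
    chmod g=w,o= "$sup/control" || return 1      # group may send commands
    chmod g=r,o= "$sup/ok" "$sup/status" || return 1   # group may read state
}

# count_world_access SVCDIR
# Print how many of the supervise paths still grant any permission to "other".
count_world_access() {
    n=0
    for p in "$1/supervise" "$1/supervise/control" \
             "$1/supervise/ok" "$1/supervise/status"; do
        other=$(perm_string "$p" | cut -c8-10)
        [ "$other" = "---" ] || n=$((n + 1))
    done
    echo "$n"
}
```

Called from a run script before the final exec, grant_group_control reapplies the modes each time the service is started; count_world_access gives a quick check that nothing outside the chosen group can control the service.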

George Georgalis | 5 Dec 2004 01:29

looking for cvsupd runscript

Anybody successfully run cvsupd under daemontools? Or, have experiences
to share? The following script does a lot of it on debian:
http://galis.org/scripts/do_conf/cvsupd-do_conf.sh

but, I think there is a problem handshaking tcpserver and cvsupd.
I've never run cvsupd so I may just be missing something...

// George

-- 
George Georgalis, systems architect, administrator Linux BSD IXOYE
http://galis.org/george/ cell:646-331-2027 mailto:george <at> galis.org

Umesh T G | 17 Dec 2004 09:21

Query about getty

Hello everyone,

When I logout of the getty, I want the getty to clear the screen and
come back to the login prompt.

How can I make it possible?

Thanks in advance.

Cheers,
Umesh

Alejandro Mery | 17 Dec 2004 14:50

Re: Query about getty

> When I logout of the getty, I want the getty to clear the screen and
> come back to the login prompt.
>  
> How can I make it possible?

add `clear` on your /service/getty-$n/finish :) simple, isn't it?

Alejandro

Gerrit Pape | 18 Dec 2004 20:59

runit-1.2.0 available

Hi, a new test package of runit is available for testing

 http://smarden.org/runit/

With this version the runsv program makes controlling the service
through commands normally sent by runsvctrl configurable; arbitrary
actions through external programs can optionally be specified, and
signalling of the service disabled if desired.  See the man page[0]
for details.

runsv now reports the seconds since ./run has been started when running
the ./finish script, instead of the seconds since ./finish has been
started.  It no longer reports immediately failing ./run scripts as
``running'' for up to one second, but as ``down, normally up, want up''.

If you use runit regularly, please contribute[1] to the project.

Thanks, Gerrit.

[0] http://smarden.org/runit/runsv.8.html
[1] http://smarden.org/pape/#contribution
