On Thu, 25 Feb 2010, Ian wrote:
> This is officialy driving me nuts!
>
> with the busybox su logged in as nobody:
>
> $ su -c ls nobody
> su: This applet requires root priviledges!
>
> So - I can only do su -c as root. Ok I thought - I'll detect whose
> running the /etc/init.d script. Unfortunately - when a process is started
> via init - $USER is empty (no shell, no environment I guess)
>
> Also unfortunately - when apache cgi shell script runs /etc/init.d script
> - $USER is also empty.
On most systems /bin/su is setuid, which means anyone can use it - though
non-root users might be prompted for passwords.
If you use su to start you application as nobody in part of an init.d
script, that script should be running as root, so there should be no
problem.
To find out which user is running use the 'id' command. Your userid number
is more embedded than some noddy environment variable :-)
>
> Still stuck with my original proplem ...
>
>
> --- In "Ian" <> wrote:
>>
>> Hi Jim,
>>
>> excellent advice. su is indeed present.
>>
>> I had to change /etc/passwd to give 'nobody' a shell.
>>
>> then
>>
>> su - c "some command" nobody
>>
>> worked. And the web interface stops it ok.
>>
>> Thanks for your help.
>>
>> Ian
>>
>> --- In Jim Jackson <jj@> wrote:
>>>
>>>
>>>
>>>
>>> On Wed, 24 Feb 2010, Ian wrote:
>>>
>>>> Hi,
>>>>
>>>> I have an app that's started via /etc/init.d on tsLinux from the embedded
>>>> flash
>>>>
>>>> I also have a web interface to start/stop this process. But after a
>>>> reboot the apache 'nobody' user can't kill the process as its been
>>>> started by root.
>>>>
>>>> once stopped by root. the web interface works as expected.
>>>>
>>>> I thought about putting sudo onto the tsLinux but it looks a bit heavy
>>>> resource wise - and my initial hacks left it failing to do a reverse
>>>> lookup and with pam broken.
>>>
>>> Isn't "su" on the TSlinux image? Make your init.d script use this to start
>>> you app running as user nobobdy and then your apache app will be able to
>>> kill it.
>>>
>>>>
>>>> Does anyone have a solution to this?
>>>>
>>>> Thanks,
>>>>
>>>> Ian
>>>>
>>>>
>>>
>>
>
>
>
------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ts-7000/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/ts-7000/join
(Yahoo! ID required)
<*> To change settings via email:
<*> To unsubscribe from this group, send an email to:
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
|