--- In Jim Jackson <> wrote:
>
>
>
>
> On Thu, 25 Feb 2010, Ian wrote:
>
> > This is officialy driving me nuts!
> >
> > with the busybox su logged in as nobody:
> >
> > $ su -c ls nobody
> > su: This applet requires root priviledges!
> >
> > So - I can only do su -c as root. Ok I thought - I'll detect whose
> > running the /etc/init.d script. Unfortunately - when a process is started
> > via init - $USER is empty (no shell, no environment I guess)
> >
> > Also unfortunately - when apache cgi shell script runs /etc/init.d script
> > - $USER is also empty.
>
> On most systems /bin/su is setuid, which means anyone can use it - though
> non-root users might be prompted for passwords.
>
> If you use su to start you application as nobody in part of an init.d
> script, that script should be running as root, so there should be no
> problem.
On tsLinux su symlinks to busybox of course - and as I demonstrated above -
even when already logged in as user nobody - It refuses a su -c some_command
nobody. So a switch is definitely required in the init script to handle
non-root differently for starting the app.
>
> To find out which user is running use the 'id' command. Your userid number
> is more embedded than some noddy environment variable :-)
Good point - I'd not thought of using id. In the end another noddy environment
variable came to my aid ;)
When stared via the webif - QUERY_STRING is set. So I made use of that:
'start')
echo "Starting up pnp..."
if [ -n "$QUERY_STRING" ]; then
/usr/sbin/pnp -c /etc/pnp.ini -l /var/log/pnp.log -d 2
>/dev/null &
else
su -c "/usr/sbin/pnp -c /etc/pnp.ini -l /var/log/pnp.log -d 2
>/dev/null &" nobody
fi
;;
Thanks again for your help Jim.
>
>
> >
> > Still stuck with my original proplem ...
> >
> >
> > --- In "Ian" <colecian@> wrote:
> >>
> >> Hi Jim,
> >>
> >> excellent advice. su is indeed present.
> >>
> >> I had to change /etc/passwd to give 'nobody' a shell.
> >>
> >> then
> >>
> >> su - c "some command" nobody
> >>
> >> worked. And the web interface stops it ok.
> >>
> >> Thanks for your help.
> >>
> >> Ian
> >>
> >> --- In Jim Jackson <jj@> wrote:
> >>>
> >>>
> >>>
> >>>
> >>> On Wed, 24 Feb 2010, Ian wrote:
> >>>
> >>>> Hi,
> >>>>
> >>>> I have an app that's started via /etc/init.d on tsLinux from the embedded
> >>>> flash
> >>>>
> >>>> I also have a web interface to start/stop this process. But after a
> >>>> reboot the apache 'nobody' user can't kill the process as its been
> >>>> started by root.
> >>>>
> >>>> once stopped by root. the web interface works as expected.
> >>>>
> >>>> I thought about putting sudo onto the tsLinux but it looks a bit heavy
> >>>> resource wise - and my initial hacks left it failing to do a reverse
> >>>> lookup and with pam broken.
> >>>
> >>> Isn't "su" on the TSlinux image? Make your init.d script use this to start
> >>> you app running as user nobobdy and then your apache app will be able to
> >>> kill it.
> >>>
> >>>>
> >>>> Does anyone have a solution to this?
> >>>>
> >>>> Thanks,
> >>>>
> >>>> Ian
> >>>>
> >>>>
> >>>
> >>
> >
> >
> >
>
------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ts-7000/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/ts-7000/join
(Yahoo! ID required)
<*> To change settings via email:
<*> To unsubscribe from this group, send an email to:
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
|