On Thu, 25 Feb 2010, Ian wrote:
> --- In Jim Jackson <> wrote:
>>
>> On Thu, 25 Feb 2010, Ian wrote:
>>
>>> This is officialy driving me nuts!
>>>
>>> with the busybox su logged in as nobody:
>>>
>>> $ su -c ls nobody
>>> su: This applet requires root priviledges!
>>>
>>> So - I can only do su -c as root. Ok I thought - I'll detect whose
>>> running the /etc/init.d script. Unfortunately - when a process is started
>>> via init - $USER is empty (no shell, no environment I guess)
>>>
>>> Also unfortunately - when apache cgi shell script runs /etc/init.d script
>>> - $USER is also empty.
>>
>> On most systems /bin/su is setuid, which means anyone can use it - though
>> non-root users might be prompted for passwords.
>>
>> If you use su to start you application as nobody in part of an init.d
>> script, that script should be running as root, so there should be no
>> problem.
>
>
> On tsLinux su symlinks to busybox of course - and as I demonstrated above
> - even when already logged in as user nobody - It refuses a su -c
> some_command nobody.
If you are logged in as user nobody, why on earth would you user su launch
your app as nobody???? Just launch it! You only need to use su if you are
running as root, and want the command to run as a different user!
There is obviously some confusion here. If it is my understanding then
of what you are trying to do I apologise, but you'll have to spell things
out in more detail.
> So a switch is definitely required in the init
> script to handle non-root differently for starting the app.
>
>> To find out which user is running use the 'id' command. Your userid number
>> is more embedded than some noddy environment variable :-)
>
> Good point - I'd not thought of using id. In the end another noddy
> environment variable came to my aid ;)
>
> When stared via the webif - QUERY_STRING is set. So I made use of that:
>
> 'start')
> echo "Starting up pnp..."
> if [ -n "$QUERY_STRING" ]; then
> /usr/sbin/pnp -c /etc/pnp.ini -l /var/log/pnp.log -d 2
> >/dev/null &
> else
> su -c "/usr/sbin/pnp -c /etc/pnp.ini -l /var/log/pnp.log -d 2
> >/dev/null &" nobody
> fi
> ;;
>
> Thanks again for your help Jim.
>
>
>>
>>
>>>
>>> Still stuck with my original proplem ...
>>>
>>>
>>> --- In "Ian" <colecian@> wrote:
>>>>
>>>> Hi Jim,
>>>>
>>>> excellent advice. su is indeed present.
>>>>
>>>> I had to change /etc/passwd to give 'nobody' a shell.
>>>>
>>>> then
>>>>
>>>> su - c "some command" nobody
>>>>
>>>> worked. And the web interface stops it ok.
>>>>
>>>> Thanks for your help.
>>>>
>>>> Ian
>>>>
>>>> --- In Jim Jackson <jj@> wrote:
>>>>>
>>>>>
>>>>>
>>>>>
>>>>> On Wed, 24 Feb 2010, Ian wrote:
>>>>>
>>>>>> Hi,
>>>>>>
>>>>>> I have an app that's started via /etc/init.d on tsLinux from the embedded
>>>>>> flash
>>>>>>
>>>>>> I also have a web interface to start/stop this process. But after a
>>>>>> reboot the apache 'nobody' user can't kill the process as its been
>>>>>> started by root.
>>>>>>
>>>>>> once stopped by root. the web interface works as expected.
>>>>>>
>>>>>> I thought about putting sudo onto the tsLinux but it looks a bit heavy
>>>>>> resource wise - and my initial hacks left it failing to do a reverse
>>>>>> lookup and with pam broken.
>>>>>
>>>>> Isn't "su" on the TSlinux image? Make your init.d script use this to start
>>>>> you app running as user nobobdy and then your apache app will be able to
>>>>> kill it.
>>>>>
>>>>>>
>>>>>> Does anyone have a solution to this?
>>>>>>
>>>>>> Thanks,
>>>>>>
>>>>>> Ian
>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>
------------------------------------
Yahoo! Groups Links
<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/ts-7000/
<*> Your email settings:
Individual Email | Traditional
<*> To change settings online go to:
http://groups.yahoo.com/group/ts-7000/join
(Yahoo! ID required)
<*> To change settings via email:
<*> To unsubscribe from this group, send an email to:
<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/
|