I've got my IRC server along with services running nicely on my machine.
But the problem is, either I can run it as root, which is somewhat dangerous, due to permissions that come along with it. Or, I can run it as myself. But then I have to log in, and that's not what I want.
My idea is pretty much taken from the Apache world of servers:
The service has its own username and group, under which it runs, and has access to its files.
But I couldn't find a how-to, in any of my Linux books, addressing this problem.
Could someone give me a tip, how to make applications run as a different user? Say, it's started by root, but then changes to 'ircd' or something.
You can use useradd; without certain switches it won't create a ~ directory, and you can change its entry in /etc/passwd for the shell to be /bin/false or whatever you want.
Could someone give me a tip, how to make applications run as a different user? Say, it's started by root, but then changes to 'ircd' or something.
That behavior needs to be written as part of the program.
I believe if you add your ircd user, chown ircd to user ircd and then use the setuid bit on the binary it will run as ircd. (Sorry for all the repetition. And lousy spelling.)
Actually, I tried /sbin/nologin or /bin/false, but then I can't run programs with the su command, the solution cs-cam suggested.
The shell is /bin/sh now, and unfortunately, I _can_ log in, but only while being root with the su command. A password is not given; I have a "*" (asterisk) in the place where the password should go, in the shadow file (standard for system users).
It works that way, and I think I'm gonna leave it like that.
It's not the fully professional way, though.
I'd definitely want the shell to be /sbin/nologin, and force the program to change its UID afterwards.
Are you sure this can't be done with a shell command?
Solved:
I wrote a shellscript for the /etc/init.d and /etc/rcX.d/ directory hierarchy.
There you can use the functions provided by the /etc/init.d/functions shellscript; one of those is called "daemon". It supports starting processes as a different user, by simply calling bash with that user. Since it is root in the beginning, bash obeys this directive.
easy.
The /etc/init.d/ structure is a Red-Hat thing. The tool chkconfig works together with that. Don't know how to solve it on other systems, except by writing your own startup script with some algorithms from the functions-script.
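For the other route raised in the thread, where the program is started by root and then changes to 'ircd' itself, here is an added example that is not code from any poster or from an IRC server project. `drop_privileges` is a hypothetical helper name; the account's login shell is never consulted by these calls, so the account can keep /sbin/nologin.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* exposes initgroups() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: permanently switch from root to a service account.
 * Returns 0 on success, -1 on any failure; the caller must exit on -1
 * rather than keep running with root privileges. */
int drop_privileges(const char *user)
{
    struct passwd *pw = getpwnam(user);
    if (pw == NULL) {
        fprintf(stderr, "drop_privileges: unknown user '%s'\n", user);
        return -1;
    }
    if (pw->pw_uid == 0) {     /* "dropping" to uid 0 drops nothing */
        fprintf(stderr, "drop_privileges: '%s' is uid 0, refusing\n", user);
        return -1;
    }
    if (geteuid() != 0) {      /* only root may change identity */
        fprintf(stderr, "drop_privileges: not started as root\n");
        return -1;
    }
    /* Order matters: supplementary groups and gid first, uid last.
     * After setuid() the process may no longer change its groups. */
    if (initgroups(pw->pw_name, pw->pw_gid) != 0) return -1;
    if (setgid(pw->pw_gid) != 0) return -1;
    if (setuid(pw->pw_uid) != 0) return -1;

    /* Verify the drop cannot be undone: regaining uid 0 must fail. */
    if (setuid(0) == 0 || getuid() == 0 || geteuid() == 0) return -1;
    return 0;
}

int main(void)
{
    /* Root-only setup (opening log files, binding sockets) goes here. */
    if (drop_privileges("ircd") != 0)   /* 'ircd' is the account from the thread */
        return 1;
    printf("now running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    /* ... the service's main loop would run here, unprivileged ... */
    return 0;
}
```

Every return value is checked because a failed setuid() that goes unnoticed leaves the service running as root.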