LinuxQuestions.org - Init.d Script

- Debian (https://www.linuxquestions.org/questions/debian-26/)

- - Init.d Script (https://www.linuxquestions.org/questions/debian-26/init-d-script-731506/)

Hello all,

I'm running Debian Lenny x86 and i just installed glassfish with some errors ( if you can give me hand i will greatly appreciate it click here) but the problem i have now is about the user who is launching the server and that user is root.

How i can make the user glassfish that i previously created to start the server executing the /etc/init.d/glassfish script i'm using, like the user proxy start the squid3, the user mysql start mysql database, the user www-data start apache2 and the user tomcat start the tomcat servlet server, etc

I checked the squid3, apache2 and mysql scripts but couldn't figure out how they make those users to start the services, all /etc/init.d belongs to root and the /etc/squid3, /etc/apache2 , etc too. (nothing about su -c or any user change )

The point is, how i can make a boot script that the owner is root and make other user start the service taking by example the /etc/init.d/skeleton file

INTI.D SCRIPT

Code:

#! /bin/sh

### BEGIN INIT INFO

# Provides:          glassfish

# Required-Start:    $local_fs $remote_fs

# Required-Stop:    $local_fs $remote_fs

# Default-Start:    2 3 4 5

# Default-Stop:      0 1 6

# Short-Description: glassfish initscript

# Description:      Simple initscript for GlassFish App server

### END INIT INFO



# Do NOT "set -e"



# PATH should only include /usr/* if it runs after the mountnfs.sh script

PATH=/sbin:/usr/sbin:/bin:/usr/bin:/opt/glass/bin

DESC="GlassFish Java EE5 App server"

NAME=glassfish

ASADMIN=asadmin

PIDFILE=/var/run/$NAME.pid

SCRIPTNAME=/etc/init.d/$NAME



# Load the VERBOSE setting and other rcS variables

. /lib/init/vars.sh



# Define LSB log_* functions.

# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.

. /lib/lsb/init-functions



#

# Function that starts the daemon/service

#

do_start()

{

        $ASADMIN start-domain \

                || return 1

}



#

# Function that stops the daemon/service

#

do_stop()

{

        $ASADMIN stop-domain \

                || return 1

}



case "$1" in

  start)

        [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"

        do_start

        case "$?" in

                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;

                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;

        esac

        ;;

  stop)

        [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"

        do_stop

        case "$?" in

                0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;

                2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;

        esac

        ;;

  restart|force-reload)

        log_daemon_msg "Restarting $DESC" "$NAME"

        do_stop

        sleep 10

        case "$?" in

          0|1)

                do_start

                case "$?" in

                        0) log_end_msg 0 ;;

                        1) log_end_msg 1 ;; # Old process is still running

                        *) log_end_msg 1 ;; # Failed to start

                esac

                ;;

          *)

                # Failed to stop

                log_end_msg 1

                ;;

        esac

        ;;

  *)

        echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2

        exit 3

        ;;

esac



:

DIRECTORY PERMISSION

Code:

intranet:/opt# l

total 182768

drwxrwxr-x  5 intranet  intranet      4096 2009-06-08 16:07 ApacheDirectoryStudio-linux-x86-1.4.0.v20090407

drwxrwxr-x  9 intranet  intranet      4096 2009-04-23 10:57 apache-tomcat-6.0.18

drwxr-xr-x 13 glassfish glassfish      4096 2009-06-02 20:50 glass

drwxrwxr-x 11 bpms      bpms          4096 2009-04-08 14:36 intalio-bpms-ee-6.0.0.036-jboss-4.0.5.GA

drwxrwxr-x  4 intranet  intranet      4096 2009-06-08 13:55 ntlmaps-0.9.9.0.1

-rwxrwxr-x  1 root      root            226 2009-04-28 12:34 license

-rwxrwxr-x  1 root      root      186941440 2009-06-02 10:34 sdk_backup.tar

Thank in advice

Quote:

Originally Posted by pliqui (Post 3567317)

The point is, how i can make a boot script that the owner is root and make other user start the service taking by example the /etc/init.d/skeleton file

Don't put it in init.d, but move it to the users directory, to be started after booting the system proper. Unfortunately it's not exactly clear to me what you're trying to achieve. If your problem is the failure to start specific services for a certain user, add that user to the group of the specific service. Alternatively, create a separate group that does carry the required permissions to start the affected services.

Sorry Dutch Master, my english sometime is confusing (not my native languge). What i want to do is to start, stop or restart a service by a user. For example, to start apache2 you type as root

Code:

/etc/init.d/apache2 start

But when you check the service you can see that the UID is www-data and not root

Code:

intranet:~# ps -fu www-data

UID        PID  PPID  C STIME TTY          TIME CMD

www-data  9577  2980  0 Jun08 ?        00:00:00 /usr/sbin/apache2 -k start

www-data 12625  2980  0 08:54 ?        00:00:00 /usr/sbin/apache2 -k start

www-data 18286  2980  0 Jun08 ?        00:00:00 /usr/sbin/apache2 -k start

www-data 19503  2980  0 Jun08 ?        00:00:00 /usr/sbin/apache2 -k start

www-data 19907  2980  0 Jun08 ?        00:00:00 /usr/sbin/apache2 -k start

www-data 20008  2980  0 Jun08 ?        00:00:00 /usr/sbin/apache2 -k start

www-data 20033  2980  0 Jun08 ?        00:00:00 /usr/sbin/apache2 -k start

www-data 20039  2980  0 Jun08 ?        00:00:00 /usr/sbin/apache2 -k start

www-data 21031  2980  0 Jun07 ?        00:00:01 /usr/sbin/apache2 -k start

www-data 21033  2980  0 Jun07 ?        00:00:00 /usr/sbin/apache2 -k start

Same with squid, to start the service

Code:

/etc/init.d/squid3 start

but the user running the service is proxy not root

Code:

intranet:~# ps -fu proxy

UID        PID  PPID  C STIME TTY          TIME CMD

proxy    27542 27540  0 Jun08 ?        00:00:56 (squid) -D -YC

proxy    27548 27542  0 Jun08 ?        00:00:00 (unlinkd)

I want to do /etc/init.d/glassfish but when i start the service i want the user glassfish and not root as follow

Code:

intranet:~# ps -fu root

UID        PID  PPID  C STIME TTY          TIME CMD

root    12881 12880  4 08:59 pts/0    00:00:02 /usr/lib/jvm/java-6-sun/bin/java -Dcom.sun.aas.instanceName=server -Djava.library.path=/opt/gl

root    12894 12881 19 08:59 pts/0    00:00:08 /usr/lib/jvm/java-6-sun/bin/java -Dcom.sun.aas.instanceRoot=/opt/glass/domains/domain1 -Dcom.s

Hope this can help to clear things, and thanks for your time.

English isn't my native language either ;) Anyway, I understand what you want, but I still fail to understand why. What's wrong with root instead of glassfish, a user you've created yourself? Mind you, in Linux the saying goes: If you can't fix it yourself, don't break it! ;)

Jajajajaja, well, i want to try it with another user for 2 things.

1.- To obtain more knowledge of Linux. I know that i can create a .sh script and log as glassfish user and start the service. I can even put it any rc.*.d folder for boot, but what happens for example, if i want to make a package with glassfish for Debian. Like tomcat, tomcat service is running by tomcat user, not root.

Code:

repositorio:~# ps -fu tomcat6

UID        PID  PPID  C STIME TTY          TIME CMD

tomcat6  2921  2918  4 19:35 ?        00:00:03 /usr/bin/jsvc -user tomcat6 -cp /usr/share/java/commons-daemon.jar:/usr/share/tomcat6/bin/bootstrap.jar -outfile SYSLOG -errfile SYSLOG -pidfile /var/run/tomcat6.pid -Djava.awt.headless=true

2.- Because would be the right thing in a production environment (to have things started by the users)

Sadly i'm not a sys admin, i asked to be transfered to unix support where i work but nothing. So this is only for fun and point 1. And perhaps could make the package for repos, that could be great.

Cheers and again thanks for your time

In that case, try to figure out how tomcat did it, and you're there ;)

Ok, tomcat was a bad example, is passing the user in this line /usr/bin/jsvc -user tomcat6... but the apache and squid script, is not passing any user, i try to find in the script any sign of www-data for the apache or user proxy for the squid, and nothing.

Or its setup in the binary file?

Well, thanks for your time either way, i will try to solve this thing out

From the apache man page:

Quote:

apache2 is the Apache HyperText Transfer Protocol (HTTP) server program. It is designed to be run as a standalone daemon process. When used like this it will create a pool of child processes or threads to handle requests.

The apache daemon is run as root. You are missing the mother process by searching for processes running under www-data. Try "ps aux | grep apache" :

Code:

$ ps  aux |grep apache

root      3658  0.0  0.4  5300  2488 ?        Ss  06:42  0:00 /usr/sbin/apache2 -k start

www-data  3659  0.0  0.3  5072  1680 ?        S    06:42  0:00 /usr/sbin/apache2 -k start

www-data  3660  0.0  0.4 226768  2124 ?        Sl  06:42  0:00 /usr/sbin/apache2 -k start

www-data  3692  0.0  0.4 226768  2128 ?        Sl  06:42  0:00 /usr/sbin/apache2 -k start

The user the child processes run under is defined in the apache config files

Quote:

/etc/apache2/apache2.conf
/etc/apache2/envars

I have used super to achieve this:

Quote:

super - Execute commands setuid root

Edit the /etc/super.tab file by adding:

Code:

:define SuperUsers username

daemonstart      '/etc/init.d/daemon start'      uid=root        gid=groupname      $SuperUsers

run it as username with:
super daemonstart

Regards,
Stefan

Thank you propofol. Worked very well, didn't know about this program. Really appreciate the help.

man start-stop-daemon

Quote:

start-stop-daemon is used to control the creation and termination of system-level processes. Using one of the matching options,
start-stop-daemon can be configured to find existing instances of a running process.

Quote:

-c, --chuid username|uid

Change to this username/uid before starting the process. You can also specify a group by appending a :, then the group or gid in the same way as you would for the ‘chown’ command (user:group). If a user is specified without a group, the primary GID for that user is used. When using this option you must realize that the primary and supplemental groups are set as well, even if the --group option is not specified. The --group option is only for groups that the user isn’t normally a member of (like adding per process group membership for generic users like nobody).

examples at bottom of man page.

also

Debian - Daemons and init scripts

Creating a Daemon in Debian Linux

thanks farslayer, going to check out those links.