You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2012-04-01 04:36:13
- Mykander
- Member
- Registered: 2012-03-30
- Posts: 18
Startup Daemons and Permissions?
I'm starting to get into permissions problem with various daemons I've got running as I start toying with automated processes. I'd like to keep it so that my user account(s) are just that and not running any daemons or system processes, although I know it would be easy to just have one user account run everything and it would solve almost all my problems. I'd also like to avoid just setting everything to 666/777. My current problem I'm trying to work out is I've got my regular user account which acts as the user I use as a generic user account. That account is what owns the overall file share directory and the account that I connect through via samba to do most of my interaction with the system. I've also got a home theater/media server setup which has no problems since it's run as a display manager and I'm fine with that running as my main user account as well.
I start getting problems as I add new daemons that potentially need to work with each other and/or operate on files in my share. For example, I've got one program to automatically grab metadata on any music or videos I put in a specific folder but all the files it creates are set to be owned by the daemon's user and group, which causes all sorts of mess because then my regular user account can't see/access them. And if I try and change the ownership to my user account, then the program goes all screwy if it needs to do anything (update it or what not) with those files as well.
I'm relatively sure I can solve my problem if I can figure out how to get all the deamons to use the same group account, then I can add my user account to that group and set my umask/daemons to give full permissions to group owners when it creates everything. However, how in the world do I actually do that? As far as I can tell most daemons use "su" to set the initial user, but while some places say su can change group id, I can't actually find anywhere that tells you how. On top of all that, I can't help but feeling I'm missing some stupidly obvious workaround since this seems like it'd be a nightmare to work out in complex many user systems.
Offline
#2 2012-04-01 08:36:14
- Gcool
- Member
- Registered: 2011-08-16
- Posts: 1,456
Re: Startup Daemons and Permissions?
So if I understand correctly, you have specific daemons which you would want to run as another uer (non-root)?
Usually, this can easily be specified (read the related daemon's man page + docs) by specifying this in their config. Something among the lines of:
user <youruser>
group <somegroup>Burninate!
Offline
#3 2012-04-01 17:02:15
- ewaller
- Administrator
- From: Pasadena, CA
- Registered: 2009-07-13
- Posts: 20,612
Re: Startup Daemons and Permissions?
You can add users to each other's groups.
You can also have your daemons perform a chown and chgrp on the files they download, handing them over to the user of your choice.
If you want to get really complicated, look at access control lists
Nothing is too wonderful to be true, if it be consistent with the laws of nature -- Michael Faraday
The shortest way to ruin a country is to give power to demagogues.— Dionysius of Halicarnassus
---
How to Ask Questions the Smart Way
Offline
#4 2012-04-05 19:01:20
- rwd
- Member
- Registered: 2009-02-08
- Posts: 671
Re: Startup Daemons and Permissions?
Other things that you can look into to deal with permission issues:
- use umask to change default permissions of files created by a specific user
- use setgid on directories to make files in them inherit the group of the parent folder instead of the user creating the file
Last edited by rwd (2012-04-05 19:28:43)
Offline
Pages: 1