Init Script With Different user

[smpoole7]

This is one of those things I probably ought to know, but I've never needed it before now. I want to start VirtualBox with an init script in /etc/init.d. That part's easy (I've already got it). But I don't want it to run as root, I want it to run as a less-privileged user. How do I do that? Put an "su" in the script? suid the executable?

Inquiring minds want to know.

[ken_yap]

You use the -u option of startproc inside your init script to specify the user you want to run as. man startproc.

You can see an example using Debian's start-stop-daemon, which is similar in functionality to startproc, here:

Running a production IPCop in a Virtualbox VM

[malcolmlewis]

Quote:

Originally Posted by smpoole7

This is one of those things I probably ought to know, but I've never
needed it before now. I want to start VirtualBox with an init script in
/etc/init.d. That part's easy (I've already got it). But I don't want it
to run as root, I want it to run as a less-privileged user. How do I do
that? Put an "su" in the script? suid the executable?

Inquiring minds want to know.

Hi
Yes, that would be the way su - <some_user> but one needs to ask what
your ultimate goal is, perhaps a bit more detail

For example do you just want a vm to start into say a windows vm
running full screen? Do you want to run a server applications that
never use a GUI, use a different display, Xvfb etc.

--
Cheers Malcolm °¿° (Linux Counter #276890)
openSUSE 11.2 (i586) Kernel 2.6.31.5-0.1-desktop
up 3:46, 2 users, load average: 0.38, 0.25, 0.19
ASUS eeePC 1000HE ATOM N280 1.66GHz | GPU Mobile 945GM/GMS/GME

[smpoole7]

Thanks, Ken, and sheesh. I had forgotten about startproc, even though I've used it in the past with scripts.


Malcom,

I have become a VirtualBox lover and mega-user. We're running our mail server in it on one machine, and on the one in question here, I'm going to run both an FTP server and a firewall on separate IP addresses. All three "machines" -- the host and the two guests -- will be minimal, text-only installs. Just as a matter of principle, I don't like running a VM as root. I feel like I get another layer of security that way.

The PC in question has several NICs, so it's ideal. I can set up two to bridge straight into and out of the firewall and a third bridges straight into the FTP server. Best of all, I'm using OpenSUSE 11.1, with which I'm totally comfortable, but when it comes time to upgrade, I'll just down the VM for about an hour and install the new version. It's slicker'n hot oil on a doorknob.

Best of best of all, I can do the upgrades remotely. (I just did a net install of 11.1 in one of the VMs last night; worked like a hose.)

-- Stephen