For UNIX users that exist only to run daemons, it is customary to set the user's shell to /bin/false or /usr/sbin/nologin. Setting RUN_AS_USER to such an account will fail to start the wrapped java process because "su - USERNAME" fails to switch to a user without a valid shell.
For Linux, this is usually solved by using "su -s /bin/sh - USERNAME", overriding the user's shell in the context of this command. Unfortunately, this is not a cross-platform solution, as there does not exist an equivalent option for su on Mac OS X, and I do not know about the other supported platforms.
Using sudo instead of su solves this problem on all platforms I have access to, but I am unsure about possible ramifications.
Log in to post a comment.