
#44 Wrapper UID under UNIX

open
nobody
None
5
2011-09-01
2011-09-01
No

Current behavior:
When the wrapper is started as a daemon under root, the wrapper UID is root (and the wrapped app is wrapper.app.account).
When the wrapper is started as a daemon under <user>, the wrapper UID is <user>.

Problem:
On a production system you may not have root permissions, only <user>. The service is registered by an administrator (security policy).
And if your app is started with the system as a daemon, you cannot stop and restart it under <user>.
A better way is for the wrapper to always be started under <user>.
---
Maybe patch template/daemon.vm with "su - <wrapper.app.account> -c eval "$w_... "

Discussion

  • rzo

    rzo - 2011-09-04

    hello,

    you can stop and restart it using the system tray icon or a jmx client such as jconsole.
    this is better than using batch files, as it communicates with the wrapper through tcp/ip and thus overrides permission conflicts.

    using su in the batch file requires the user to know the password....

    what do you think ?

    -- ron

     
  • Konstantin Ryadov

    Hello, Ron!

    There are many risks in starting user processes under a privileged user.
    JMX access with root permissions is not a good case.

    "su" is needed only in system startup scripts (/etc/rc.d): it executes under root and does not require a password.

    Maybe check (e.g. if some property is defined): if the user is root, then use "su"?
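
The check proposed in the last comment, sketched as an added example (not part of the ticket and not the project's daemon.vm template). The function names are hypothetical, and the account argument stands for the configured wrapper.app.account value.

```shell
#!/bin/sh
# Added example; function names and the account argument are hypothetical.

# Decide how the daemon script launches the wrapper.
# $1 = caller's effective UID, $2 = configured account (may be empty).
# Prints: direct | su | refuse (refuse also returns non-zero).
launch_mode() {
    lm_uid=$1 lm_account=$2
    # Not root, or no account configured: keep the current behaviour.
    if [ "$lm_uid" -ne 0 ] || [ -z "$lm_account" ]; then
        echo direct; return 0
    fi
    # Reject names that su could read as an option or that hold odd characters.
    case $lm_account in
        -*|*[!A-Za-z0-9._-]*) echo refuse; return 1 ;;
    esac
    # Fail closed: an unknown account must not leave the wrapper running as root.
    lm_target=$(id -u "$lm_account" 2>/dev/null) || { echo refuse; return 1; }
    if [ "$lm_target" -eq 0 ]; then echo direct; else echo su; fi
}

# Single-quote every argument so su -c receives one safely quoted string
# and no eval of unquoted text is needed.
quote_args() {
    qa_out=
    for qa_arg in "$@"; do
        qa_q=$(printf '%s' "$qa_arg" | sed "s/'/'\\\\''/g")
        qa_out="$qa_out '$qa_q'"
    done
    printf '%s' "${qa_out# }"
}

# $1 = account, remaining arguments = wrapper command line.
run_wrapper() {
    rw_account=$1; shift
    rw_mode=$(launch_mode "$(id -u)" "$rw_account") || {
        echo "refusing to start: bad account '$rw_account'" >&2; return 1; }
    case $rw_mode in
        su)     su - "$rw_account" -c "$(quote_args "$@")" ;;
        direct) "$@" ;;
    esac
}
```

When the script is run from /etc/rc.d as root, `su` needs no password; when it is run by the unprivileged user, the command is executed directly, so the same script serves both cases.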

     
