D&C Lug - Home Page
Devon & Cornwall Linux Users' Group

[ Date Index ][ Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]

RE: [LUG] ROOT:Running apps as another user



I would caution against running apps from root.  Generally it is unsafe to
do anything from root that doesn't absolutly have to run from root.  It is
just too easy to mess up! (speaking from personal pain).  It does depend on
what you want to do, and one-off setups are (I reluctantly s'pose) OK to use
su(1), but running apps should really be done under the correct username, or
group.  If you havn't looked at user groups you might find they help.
Regular background jobs can be scheduled by the user with cron, and ad-hoc
using at(1).

Clive

-----Original Message-----
From: Simon Waters [mailto:Simon@xxxxxxxxxxxxxxxxxxxx]
Sent: 22 April 2003 15:05
To: list@xxxxxxxxxxxx
Subject: Re: [LUG] ROOT:Running apps as another user


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Keith Abraham wrote:
> 	This might be a real dummy question but how do I, as
> 	root, run and configure an application for a non-root
> 	user?
> 	This appears to me to be a normal sys admin task but
> 	I can't find anything about how to do it.

Depends very much what the application is and how you are customising it.

The X window way is to have the central defaults in a file under
/etc/X11 or similar, and you edit these files to set the default for
everyone. See /etc/X11/app-default. The user can customise it by having
local modified copies of these files under $HOME, or other X resource
schemes which are more like registries (man X, man xrdb etc). Other
desktops built on X have usually followed this model to varying extents.

To run an application as a user you can use "su" hence the ubiquitous
"su - oracle -c dbstart" run as user oracle with environment variable
(hence "-") the command "dbstart". Usually this is in the start section
of /etc/init.d/oracle or similar.

More generally "su - username" will typically give you a shell as
another user.

Sometimes it is handy to acquire another users account, typically root
can edit the "shadow" or "passwd" files in "/etc" and remove that users
password temporarily. Thus allowing him to log in as that user via GUI
login's and the like. This is getting harder as authentication schemes
get more elaborate.
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE+pUv2GFXfHI9FVgYRAiveAJ9RkKzVj8mBhCwd8KJrg8HQNb9eWACfURHb
H4Bw6EZncAP+v6r5fliE+w8=
=lwlJ
-----END PGP SIGNATURE-----

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.

________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________

________________________________________________________________________
This e-mail has been scanned for all viruses by Star Internet. The
service is powered by MessageLabs. For more information on a proactive
anti-virus service working around the clock, around the globe, visit:
http://www.star.net.uk
________________________________________________________________________

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.


Lynx friendly