Linux 如何在 init 脚本中以特定用户身份运行命令?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/17956151/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How to run a command as a specific user in an init script?
提问by ddario
I'm writing an init script which is supposed to execute a single command as a user different than root. This is how I'm doing it currently:sudo -u username command
我正在编写一个 init 脚本,它应该以不同于 root 的用户身份执行单个命令。这就是我目前的做法:sudo -u username command
This generally works as expected on Ubuntu/Debian, but on RHEL the script which is executed as the commandhangs.
Is there another way to run the command as another user?
(Note that I can't use lsb init functions as they're not available on RHEL/Centos 5.x.)
这通常在 Ubuntu/Debian 上按预期工作,但在 RHEL 上,脚本在command挂起时执行。
还有另一种方法可以以其他用户身份运行命令吗?
(请注意,我不能使用 lsb init 函数,因为它们在 RHEL/Centos 5.x 上不可用。)
采纳答案by lagweezle
On RHEL systems, the /etc/rc.d/init.d/functionsscript is intended to provide similar to what you want. If you source that at the top of your init script, all of it's functions become available.
在 RHEL 系统上,该/etc/rc.d/init.d/functions脚本旨在提供与您想要的类似的内容。如果您在 init 脚本的顶部获取它,则它的所有功能都可用。
The specific function provided to help with this is daemon. If you are intending to use it to start a daemon-like program, a simple usage would be:
提供帮助的特定功能是daemon. 如果你打算用它来启动一个类似守护进程的程序,一个简单的用法是:
daemon --user=username command
If that is too heavy-handed for what you need, there is runuser(see man runuserfor full info; some versions may need -uprior to the username):
如果这对于您的需要来说过于严厉,则有runuser(请参阅man runuser完整信息;某些版本可能需要-u在用户名之前):
/sbin/runuser username -s /bin/bash -c "command(s) to run as user username"
回答by mti2935
I usually do it the way that you are doing it (i.e. sudo -u username command). But, there is also the 'djb' way to run a daemon with privileges of another user. See: http://thedjbway.b0llix.net/daemontools/uidgid.html
我通常按照您的方式进行操作(即 sudo -u username 命令)。但是,也有“djb”方式来运行具有另一个用户权限的守护进程。见:http: //thedjbway.b0llix.net/daemontools/uidgid.html
回答by crafter
If you have start-stop-daemon
如果你有 start-stop-daemon
start-stop-daemon --start --quiet -u username -g usergroup --exec command ...
回答by Jeff N
Instead of sudo, try
而不是sudo,尝试
su - username command
In my experience, sudois not always available on RHEL systems, but suis, because suis part of the coreutils package whereas sudois in the sudo package.
根据我的经验,sudo在 RHEL 系统上并不总是可用,但su是,因为su是 coreutils 包的一部分,而sudo在 sudo 包中。
回答by LOAS
For systemd style init scripts it's really easy. You just add a User= in the [Service] section.
对于 systemd 风格的初始化脚本,这真的很容易。您只需在 [Service] 部分添加一个 User= 。
Here is an init script I use for qbittorrent-nox on CentOS 7:
这是我在 CentOS 7 上用于 qbittorrent-nox 的初始化脚本:
[Unit]
Description=qbittorrent torrent server
[Service]
User=<username>
ExecStart=/usr/bin/qbittorrent-nox
Restart=on-abort
[Install]
WantedBy=multi-user.target
回答by tryingToLearn
Adding this answer as I had to lookup multiple places to achieve my use case. I had a script that runs on startup. This script runs process as a specific (passwordless) user and is running on multiple linux flavors. Here are options on different flavors: (I have taken java as target process for example)
添加此答案是因为我必须查找多个位置才能实现我的用例。我有一个在启动时运行的脚本。此脚本以特定(无密码)用户身份运行进程,并在多种 linux 版本上运行。以下是不同风格的选项:(例如,我以 java 作为目标进程)
1. RHEL / CentOS 6:
1. RHEL / CentOS 6:
source /etc/rc.d/init.d/functions
daemon --user=myUser $JAVA_HOME/bin/java
2. RHEL 7 / SUSE12 / other linux flavors where systemd is used:In your systemd unit file add:
2. RHEL 7 / SUSE12 / 其他使用 systemd 的 linux 版本:在您的 systemd 单元文件中添加:
User=myUser
3. Suse 11:
3. 苏斯 11:
/sbin/startproc -u myUser $JAVA_HOME/bin/java
/sbin/startproc -u myUser $JAVA_HOME/bin/java
