How should I log from a non-root Debian Linux daemon?
You should create a subdirectory like /var/log/mydaemon
having the daemon's user ownership
Linux journal daemon log and/or persist only the error/critical event logs
Use MaxLevelStore=crit
This controls the maximum log level of messages that are stored in the journal.
Messages equal or below the log level specified are stored, messages above are dropped. Defaults to "debug".
Disabling Auto root login on a Debian-based distro?
Got it !
The file to edit is :
/lib/systemd/system/getty@.service
You need to replace 'root' by the user you want on the EXEC line !
Hope it will help you if the struggle tends to be too real !
design pattern for logging from a web server worker as an unprivileged user in python
By creating a folder for your process inside the /var/log
and /var/run
folders, you can change the owner and group from within the init script (as it's ran by root), so the process will have write access to it. For /var/log
, it is enough to create the folder once, but the /var/run
folder will have to be recreated on every system restart. This is how I solved it (for simplicity I recreate here both folders):
DAEMON_USER='unprivilegeduser'
DAEMON_GROUP='unprivilegedgroup'
DAEMON_PID_DIR='/var/run/myprocessname'
DAEMON_LOG_DIR='/var/log/myprocessname'
PIDFILE="$DAEMON_PID_DIR/gunicorn.pid"
LOGFILE="$DAEMON_LOG_DIR/gunicorn.error.log"
mkdir -p $DAEMON_PID_DIR
mkdir -p $DAEMON_LOG_DIR
chown $DAEMON_USER:$DAEMON_GROUP $DAEMON_PID_DIR
chown $DAEMON_USER:$DAEMON_GROUP $DAEMON_LOG_DIR
[...]
gunicorn -u nobody -b 127.0.0.1:8000 \
--error-logfile=$LOGFILE --pidfile=$PIDFILE -D
I have a server which is used by my team with same user name. I want to trace who has triggered a perticular command?
You are out of luck. All the logs and even the bash history file would be a total mess because it does not record the virtual terminal interface (tty
) the command did come from. A proper usage would be using different users. If those users did have need to launch command using root privileges, you can manage that, you have sudo
command.
I would suggest checking super user for more specialized answers, stack overflow is more oriented to programming.
running python-daemon as non-priviliged user and keeping group-memberships
my current solution involves dropping root priviliges before starting the actual daemon, using the chuid
argument for start-stop-daemon
:
start-stop-daemon \
--start \
--chuid daemonuser \
--name testdaemon \
--pidfile /var/run/testdaemon/test.pid \
--startas /tmp/testdaemon.py \
-- \
--pidfile /var/run/testdaemon/test.pid \
--logfile=/var/log/testdaemon/testdaemon.log
the drawback of this solution is, that i need to create all directories, where the daemon ought to write to (noteably /var/run/testdaemon
and /var/log/testdaemon
), before starting the actual daemon (with the proper file permissions).
i would have preferred to write that logic in python rather than bash.
for now that works, but me thinketh that this should be solveable in a more elegant fashion.
How to access as root with WinSCP to Debian 8 server
If you are trying to login to sftp via password as root, and not with rsa key edit
nano /etc/ssh/sshd_config
and change line
PermitRootLogin without-password
to
PermitRootLogin yes
Related Topics
Safer Alternative to Matlab's 'system' Command
Recording from Alsa - Understanding Memory Mapping
Deleting Content of Folder with Shell Script
How to Configure Gitlab as a Subdomain in Nginix.Conf
Read Lines Between Two Keywords
Individual Thread Priority Checking Using Command Line in Linux
Resolving MAC Address for Ip Address Using C++ on Linux
Linux Async (Io_Submit) Write V/S Normal (Buffered) Write
"Hello World" Function Without Using C Printf
Environment Variables in Docker When Exec Docker Run
Awk, Pipe and Tail -F Giving Unexpected Behavior
Is There Any Posix Way Through Fstat() to Check Whether a File Is a Symbolic Link or Not
Find Based Filename Autocomplete in Bash Script
How to Clear Space on My Main System Drive on a Linux Centos System