How to Run a Command as a Specific User in an Init Script

How to run a command as a specific user in an init script?

On RHEL systems, the /etc/rc.d/init.d/functions script is intended to provide similar to what you want. If you source that at the top of your init script, all of it's functions become available.

The specific function provided to help with this is daemon. If you are intending to use it to start a daemon-like program, a simple usage would be:

daemon --user=username command

If that is too heavy-handed for what you need, there is runuser (see man runuser for full info; some versions may need -u prior to the username):

/sbin/runuser username -s /bin/bash -c "command(s) to run as user username"

Switch user in a init script?

I use this:

su -l $MUSER -c "myCommand args..."

Update: Since there is interest in this answer, I explain the way I use it here.

We run servers as normal linux users, not root. The username contains three parts:

service, customer, stage

This way we can run several services for several customers in one linux OS.

Example: foo_bar_p Service "foo" of customer "bar" and "p" means production

Here is the part of the init script. The init script can be executed as root or as foo_bar_p user:

# /etc/init.d/foo_bar_p-celeryd
# scriptname contains linux username  
SCRIPT_NAME=`basename "$0"`
SYSTEM=${SCRIPT_NAME%*-celeryd}

U=`id -nu`

if [ ! $U == $SYSTEM ]; then
    if [ $U == "root" ]; then
        # use "-l (login)" to delete the environment variables of the calling shell.
        exec su -l $SYSTEM -c "$0 $@"
    fi
    echo "Script must be run from $SYSTEM or root. You are '$U'"
    rc_exit 1
fi

# OK, now I am foo_bar_p
cd
. $HOME/.bashrc
....

How to make my init.d script change users

Check out the following link for the 'DJB' way of starting up processes as other users:
http://thedjbway.b0llix.net/daemontools/uidgid.html

Also, see:
How to run a command as a specific user in an init script?

how to run a bash script at startup with a specific user on Ubuntu 12.04 (stable)

This may not be the best answer, but it is how I decided to complete this task:

Exactly as this post here:

how to run script as another user without password

I did use rc.local to initiate the process at startup. It seems to be working quite well.

Run Startup Script as another Windows user on Google Compute Engine

The account nt authority\system is a built-in system account that is part of the Administrators group. This account is not a user. Google Compute Engine instances run startup scripts as this account.

Your question is not clear on what you mean by Administrator account. This term is often used to mean a) The User Account named Administrator and b) An account with elevated permissions.

The startup system account is an Administrator, but it is not the user account named Administrator. These are different concepts. I do not recommend that you run scripts that require access to the user named Administrator. Instead, design your startup scripts to perform the tasks required as part of the system account.

Note that administrator accounts can have any name. The usage of Administrator is a convention only. Startup scripts are not logged in as users, so your goal to run the startup script as the logged-in user (which is not logged in at that point in time) is not possible. You must know the username in advance, the username must have a password and must be enabled. None of which exist on the first startup of a new instance.

You can schedule a task to run as any username using the schtasks command from a startup script. The user account must be enabled and have a password.

Windows Schtasks.exe

compute engine startup script can't execute as a non-root user

sudo su is not a command run within a shell -- it starts a new shell.

That new shell is no longer running your script, and the old shell that is running the script waits for the new one to exit before it continues.

The sudo su command will start a new shell. The old shell waits for the old one to exit and continues executing the rest of the code.
Your script is running in the 'old' shell, which means these commands:

cd /home/drupal
touch test.txt

are still executed as root and thus the owner of these files is root as well.

You can modify your script to this:

#! /bin/bash
sudo useradd -m drupal
sudo -u drupal bash -c 'cd ~/; touch text2.txt'

and it should work.
The -u flag executes the command as the user specified, in this case 'drupal'

dev_appserver.py: Run init script from command line? (instead of interactive console)

Moving details from comments section to full answer

Don't know if that is possible but a possible workaround could be to put this code at the beginning of your main.py or whatever is your main file.

The process then becomes - your app starts, loads your main file (maybe when someone visits your home page) which checks if a flag is set. If flag is not set, it runs your datastore init script and sets the flag (maybe the flag is set in datastore itself).

I had something similar to what I described but the code is triggered when you try to access the home page url.

---

Related Topics