Solved How to run a daemon as a user that isn't root?

[mariourk]

Hi,

I've been trying to run a full node for the Bitcoin network on my VDS. There is plenty of space and bandwidth available. So I figured, why not? Be supportive! :h

So, I've installed bitcoind from ports and found these instructions to get it all working with a nice rc script. However, when I run this script, bitcoind runs as root. And I really don't like that. So, my question is, how can I get this running as the user 'bitcoin'?

 

[vatson]

Re: How to run a daemon as a user that isn't root?

Modify the command in the bitcoin_start() function to look like this:

su bitcoin -c "/usr/local/bin/bitcoind -conf=/usr/local/etc/bitcoin.conf -datadir=/var/db/bitcoin/ -noupnp -daemon"

This assumes that you have created the user 'bitcoin" with a valid login shell and presumably also chowned all the contents of /var/db/bitcoin to that user (I know nothing about bitcoind, so it's just a common sense assumption).

 

[mariourk]

Re: How to run a daemon as a user that isn't root?

Yes, that did the trick. Thank you!

Too bad this solution needs the user bitcoin to have shell acces though. But I just set a rediculous password and made sure bitcoin doesn't have any SSH access. That should cover that problem.

Thanks! :beer

 

[SirDice]

Try setting the password to * with vipw(8). That will remove the password and no other password will ever succeed. You can also try setting the shell to /usr/sbin/nologin. But it depends a bit on the daemon if that's going to work or not.

 

[kpa]

You can set the login shell to /usr/sbin/nologin without any problems if you use the -m flag with su(1). It will allow the use of the account (only by root!) even if the login shell would otherwise prevent the use of the account. For example:

firewall /home/kimmo # grep unbound /etc/master.passwd 
unbound:*:59:1::0:0:unbound dns resolver:/nonexistent:/usr/sbin/nologin
firewall /home/kimmo # su unbound -c whoami
This account is currently not available.
firewall /home/kimmo # su -m unbound -c whoami
unbound
kimmo@firewall:/home/kimmo #

 

[raztud]

I have a similar problem. On freebsd 10.2, I am trying to run the owncloud newsupdater:

newsupdater_start()
{
        su -m myuser -c "/usr/bin/owncloud-news-updater $OWNCLOUD_PATH"
}

and the output is:

su: Sorry

 

[kpa]

Your normal user needs to be in the wheel group in order to be allowed to use su(1).

 

[Juha Nurmela]

There's also daemon(8) which is sometimes more convenient to use, especially if the program is not made to be a daemon by itself.

Juha