run puppet service type with specific user

[Dieter De Meyer]

Hi,

is it possible to use the service resource type with a specific user ?

So that the service is started with that given user instead of the puppet user starting it...

Thanks.

[R.I.Pienaar]

puppet runs as root, your rc script should do the right thing and run
the service as the right user

[Dieter De Meyer]

Thanks for the reply.

I modified the rc script to run as a user.

But now I'm facing the following problem:

I have to include some nasty puppet code for adding the service before i can use the service resource type.

And the service resource type returns ok, but the service is in fact not started.

When i do it manually, it requires a password for that user.

So, I tried to manage the user with puppet and provided a password, but get the message:

Provider useradd does not support features manages_passwords; not managing attribute password 

I know this is a problem with Puppet and CentOS, but I have ruby-shadow and shadow-utils installed on my CentOS 6.0 VM.

I also don't know if this is going to help with starting the service.

I want to use the service type to start the service with a specific user, but without asking for a password.

Any help would be appreciated.

Regards.

[R.I.Pienaar]

you should use su in your script to switch users to the one the service
should run as.

consider what will happen when your server starts up? the rc script runs
and then what? ask you for a password? thats not good.

the rc script has to do what it should without interaction, its not a puppet
problem.

all you should need to do is copy the working rc script into the init.d dir
and use the service resource to enable it and ensure its running.

[Matthew Black]

Take a look at http://www.yolinux.com/TUTORIALS/LinuxTutorialInitProcess.html

I forget exactly the usage of the daemon but you need to include the functions, which is shown at the init script example. If you read that functions file it will give you an idea of how to use it to start up a service and have it run as a different user.

--
You received this message because you are subscribed to the Google Groups "Puppet Users" group.

To view this discussion on the web visit https://groups.google.com/d/msg/puppet-users/-/9sm5V3MccfoJ.

To post to this group, send email to puppet...@googlegroups.com.
To unsubscribe from this group, send email to puppet-users...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.

[Chuck Anderson]

On Sat, Sep 24, 2011 at 04:02:22PM +0100, R.I.Pienaar wrote:
>
>
> ----- Original Message -----
> > Thanks for the reply.
> >
> >
> > I modified the rc script to run as a user.
> > But now I'm facing the following problem:
> > I have to include some nasty puppet code for adding the service
> > before i can use the service resource type.
> > And the service resource type returns ok, but the service is in fact
> > not started.
> > When i do it manually, it requires a password for that user.
> > So, I tried to manage the user with puppet and provided a password,
> > but get the message:
> > Provider useradd does not support features manages_passwords; not
> > managing attribute password
> > I know this is a problem with Puppet and CentOS, but I have
> > ruby-shadow and shadow-utils installed on my CentOS 6.0 VM.
> >
> >
> > I also don't know if this is going to help with starting the service.
> > I want to use the service type to start the service with a specific
> > user, but without asking for a password.
>
> you should use su in your script to switch users to the one the service
> should run as.

Actually, runuser is better than su for use in init scripts.

[Dieter De Meyer]

Thank you all for the replies.

I will certainly look into it..