Starting service as non root user with puppet


Sean Murphy

Sep 5, 2012, 11:13:23 AM
to Puppet Users
Hi,

I have an ubuntu system with some of our own services on it. I prefer to run these services as a non-root user.

I can control the services using upstart as a non root user and can start and stop the service using initctl without any problems. I'm trying to use puppet to start and stop these services; however, it's not obvious if it is possible.

A suboptimal approach appears to be one in which I create a service.conf file in /etc/init - this service.conf file can su to the user and run the service. I think this is suboptimal, as it's not working with the user level control mechanisms that have already been designed into upstart.

So I'm wondering if there is any way to instruct puppet to automatically become a specific user before starting a specific service (presumably using initctl in the case of ubuntu).

Thoughts/pointers appreciated.

BR,
Seán.

jcbollinger

Sep 5, 2012, 6:00:23 PM
to puppet...@googlegroups.com


If you use Puppet's standard Service resource to manage your service then no, you cannot cause Puppet to assume a different user ID to execute the service management commands.  But that should not be necessary.  Which user a service runs as should be a matter of that service's configuration, not of the UID of the process that starts it.  Indeed, it is typically necessary for a privileged process to handle service startup in order to enable services to assume the correct user identity.

If your home-built services don't know how to set their own UIDs then they are deficient. Whoever is responsible for maintaining them should be introduced to the setuid() family of functions. In the meantime, you may have no alternative to using a wrapper of some kind (an upstart script, for instance).

Note, too, that this is not fundamentally a Puppet problem.  You will have the same issue if you want to configure your services to start automatically (as the desired user) at system startup, for instance.


John
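
The privilege drop that the reply above refers to as "the setuid() family of functions", shown as an added example that is not code from this thread or from any poster: a service started by a privileged process (Upstart, or Puppet's Service resource) switches itself to an unprivileged account and verifies the switch. The `drop_privileges` helper and the uid/gid 1001 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE              /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Permanently switch the calling process to an unprivileged uid/gid.
 * Returns 0 on success, -1 on failure; the caller should exit on -1
 * rather than keep running with more privilege than intended.
 */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (uid == 0)
        return -1;                   /* switching to root is not a drop */

    if (geteuid() == 0) {
        /* Order matters: groups and gid first, while still privileged. */
        if (setgroups(0, NULL) != 0) /* shed root's supplementary groups */
            return -1;
        if (setgid(gid) != 0)        /* sets real, effective and saved gid */
            return -1;
        if (setuid(uid) != 0)        /* sets real, effective and saved uid */
            return -1;
    }

    /* Verify the result instead of trusting the return codes alone. */
    if (getuid() != uid || geteuid() != uid ||
        getgid() != gid || getegid() != gid)
        return -1;
    if (setuid(0) == 0)              /* regaining root must be impossible */
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample ids; a real service would read them from config. */
    uid_t uid = 1001;
    gid_t gid = 1001;

    /* Privileged setup (binding low ports, opening log files) goes here. */
    if (drop_privileges(uid, gid) != 0) {
        fprintf(stderr, "refusing to run: could not drop privileges\n");
        return EXIT_FAILURE;
    }
    printf("running as uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return EXIT_SUCCESS;
}
```

When the process is not started as root, the helper succeeds only if it is already running as the requested uid and gid, so a misconfigured start fails closed.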
