Пользователи, группы...

[aceventura]

добрый день. подскажите, никак не найду, как запустить приложение (службу) (пример - privoxy) не от рута, а от другого пользователя, если в самом приложении такой настройки нет? в файле /etc/init.d/S24privoxy и других нет такой настройки... например systemd юнитах это  как-то так [service] USER=privoxy GROUP privoxy; а как это сделать в entware?

Изменено 19 августа, 2021 пользователем Hotery

[TheBB]

privoxy --help

~ # chmod 666 /opt/etc/privoxy/config 
~ # 
~ # chmod 666 /opt/var/log/privoxy.log 
~ # 
~ # /opt/etc/init.d/S24privoxy start
 Starting privoxy...              done. 
~ # 
~ # /opt/etc/init.d/S24privoxy status
 Checking privoxy...              alive. 
~ # 
~ # ps | grep -v grep | grep priv
20658 test      3980 S    privoxy --user test /opt/etc/privoxy/config
~ # 

---

через обёртку

~ # 
~ # id test
uid=10(test) gid=10(test) groups=10(test)
~ # 
~ # /opt/etc/init.d/S24privoxy stop
 Checking privoxy...              alive. 
 Shutting down privoxy...              done. 
~ # 
~ # ps | grep -v grep | grep priv
~ # 
~ # privoxy-su /opt/etc/privoxy/config 
~ # 
~ # ps | grep -v grep | grep priv
21646 test      3844 S    privoxy /opt/etc/privoxy/config
~ # 
~ # /opt/etc/init.d/S24privoxy status
 Checking privoxy...              alive. 
~ # 
~ # cat /opt/bin/privoxy-su 
#!/opt/bin/sh

exec su test -p -c "privoxy $1 $2 $3 $4"
~ # 

===

чтоб два раза не вставать - обратный финт ушами...

/opt $ id
uid=10000(tester) gid=10000(tester) groups=10000(tester)
/opt $ 
/opt $ /opt/etc/init.d/S24privoxy status
 Checking privoxy...              dead. 
/opt $ 
/opt $ privoxy-su /opt/etc/privoxy/config
/opt $ 
/opt $ /opt/etc/init.d/S24privoxy status
 Checking privoxy...              alive. 
/opt $ 
~ # cat /opt/bin/privoxy-su 
#!/opt/bin/sh -x

exec echo keenetic | su -p -m root -c "/opt/sbin/privoxy $1 $2 $3 $4"
~ # 

 

Изменено 19 августа, 2021 пользователем TheBB
add2

[aceventura]

спасибо! чтот застрял...

cat /opt/usr/sbin/privoxy-su

#!/opt/bin/sh

su privoxy -p -c "privoxy $1 $2 $3 $4"

так запускается: privoxy-su /opt/etc/privoxy (процесс в ps w есть)

а если в /opt/etc/init.d/S24privoxy написать PROCS=privoxy-su - не запускается

~ # /opt/etc/init.d/S24privoxy start
 Starting privoxy-su...              failed.

кажется оно не уходит в background... присобачил перед "su ..." sudo -b" и заработало но наверно как-то криво. как правильно?

 

[TheBB]

1 час назад, Hotery сказал:

как правильно?

правильно - через ключ "--user"

---

~ # 
~ # /opt/etc/init.d/S24privoxy start
 Starting privoxy...              done. 
~ # 
~ # /opt/etc/init.d/S24privoxy status
 Checking privoxy...              alive. 
~ # 
~ # ps | grep -v grep | grep priv
15059 root      3844 S    privoxy /opt/etc/privoxy/config
~ # 
~ # /opt/etc/init.d/S24privoxy stop
 Checking privoxy...              alive. 
 Shutting down privoxy...              done. 
~ # 
~ # chown -R privoxy:privoxy /opt/etc/privoxy
~ # 
~ # chown privoxy:privoxy /opt/var/log/privoxy.log 
~ # 
~ # /opt/etc/init.d/S24privoxy start
 Starting privoxy...              done. 
~ # 
~ # /opt/etc/init.d/S24privoxy status
 Checking privoxy...              alive. 
~ # 
~ # ps | grep -v grep | grep priv
15164 privoxy   3980 S    privoxy --user privoxy /opt/etc/privoxy/config
~ #

===

~ # start-stop-daemon 
BusyBox v1.33.1 (2021-07-08 20:18:22 UTC) multi-call binary.

Usage: start-stop-daemon [OPTIONS] [-S|-K] ... [-- ARGS...]

Search for matching processes, and then
-K: stop all matching processes
-S: start a process unless a matching process is found

Process matching:
	-u USERNAME|UID	Match only this user's processes
	-n NAME		Match processes with NAME
			in comm field in /proc/PID/stat
	-x EXECUTABLE	Match processes with this command
			in /proc/PID/cmdline
	-p FILE		Match a process with PID from FILE
	All specified conditions must match
-S only:
	-x EXECUTABLE	Program to run
	-a NAME		Zeroth argument
	-b		Background
	-c USER[:[GRP]]	Change user/group
	-m		Write PID to pidfile specified by -p
-K only:
	-s SIG		Signal to send
	-t		Match only, exit with 0 if found
Other:
	-q		Quiet
~ #

 

Изменено 19 августа, 2021 пользователем TheBB
add2

[TheBB]

16 часов назад, Hotery сказал:

спасибо! чтот застрял...

Это всего лишь вариации на тему...

~ # /opt/etc/init.d/S20privoxy start
starting privoxy
~ # /opt/etc/init.d/S20privoxy status
privoxy already running
~ # /opt/etc/init.d/S20privoxy restart
stopping privoxy
starting privoxy
~ # /opt/etc/init.d/S20privoxy check
privoxy already running
~ # ps | grep -v grep | grep priv
31153 privoxy   3844 S    /opt/sbin/privoxy --pidfile /opt/tmp/privoxy.pid /opt/etc/privoxy/config
~ # /opt/etc/init.d/S20privoxy stop
stopping privoxy
~ # /opt/etc/init.d/S20privoxy status
privoxy is not running
~ # 

~ # 
~ # cat /opt/etc/init.d/S20privoxy 
#!/bin/sh

PATH=/opt/sbin:/opt/bin

PIDFILE="/opt/tmp/privoxy.pid"
PROGRAM="privoxy"
PROGRAM_BIN="/opt/sbin/$PROGRAM"
USER="$PROGRAM"

OK="$PROGRAM already running"
NO="$PROGRAM is not running"

status_check ()
{
	[ -f $PIDFILE ] && [ -d /proc/"$(pidof $PROGRAM)" ]
}

start()
{
	su "$USER" -m -p -c "$PROGRAM_BIN --pidfile $PIDFILE /opt/etc/privoxy/config" && echo starting $PROGRAM
}

stop()
{
	kill "$(pidof $PROGRAM)" && echo stopping $PROGRAM
}
case "$1" in
	start)
		if status_check
		then
			echo $OK
		else
			start
		fi
		;;
	stop)
		if status_check
		then
			stop
		else
			echo $NO
		fi
		;;
	check|status)
		if status_check
		then
			echo $OK
		else
			echo $NO
		fi
		;;

	restart)
		stop
		sleep 3
		start
		;;
	*)
		echo "Usage: $0 {start|stop|restart|status}"
		;;
esac
~ #

 

[TheBB]

Продолжим глумиться над пользователями, группами, правами доступа, запуском... )))

Для наглядности, запуск с отладкой - "#!/opt/bin/sh -x" (прошивочный sh так не умеет)

USER=GROUP=privoxy

Скрытый текст

~ # 
~ # 
~ # 
~ # /opt/etc/init.d/S24privoxy start
+ USER=privoxy
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=privoxy'
+ local 'GROUP=privoxy'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ mkdir -p /opt/tmp/privoxy
+ chown privoxy:privoxy /opt/tmp/privoxy
+ '[' -d /opt/tmp/privoxy/conf ]
+ mkdir -p /opt/tmp/privoxy/conf
+ cp -R /opt/etc/privoxy/config /opt/etc/privoxy/config-opkg /opt/etc/privoxy/default.action /opt/etc/privoxy/default.filter /opt/etc/privoxy/match-all.action /opt/etc/privoxy/regression-tests.action /opt/etc/privoxy/templates /opt/etc/privoxy/user.action /opt/etc/privoxy/user.filter /opt/etc/privoxy/user.trust /opt/tmp/privoxy/conf/
+ chown -R privoxy:privoxy /opt/tmp/privoxy/conf
+ '[' -d /opt/tmp/privoxy/log ]
+ mkdir -p /opt/tmp/privoxy/log
+ touch /opt/tmp/privoxy/log/privoxy.log
+ chown -R privoxy:privoxy /opt/tmp/privoxy/log
+ chmod 644 /opt/tmp/privoxy/log/privoxy.log
+ '[' -d /opt/tmp/privoxy/run ]
+ mkdir -p /opt/tmp/privoxy/run
+ chown -R privoxy:privoxy /opt/tmp/privoxy/run
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=start
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ start
+ '['  '!=' yes -a  '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n  ]
+ 
+ COUNTER=0
+ LIMIT=10
+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config
+ pidof privoxy
+ '[' -z 27774 -a 0 -le 10 ]
+ 
+ pidof privoxy
+ '[' -z '27776 27774' ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ logger 'Started privoxy from .'
+ return 0
+ '[' start '=' stop ]
~ # 
~ # 
~ # ps | grep -v grep | grep priv
27776 privoxy   3984 S    privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config
~ # 
~ # /opt/etc/init.d/S24privoxy status
+ USER=privoxy
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=privoxy'
+ local 'GROUP=privoxy'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=status
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 27776 ]
+ echo -e '            \033[1;32m alive. \033[m'
             alive. 
+ return 0
+ '[' status '=' stop ]
~ # 
~ # /opt/etc/init.d/S24privoxy restart
+ USER=privoxy
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=privoxy'
+ local 'GROUP=privoxy'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=restart
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
+ pidof privoxy
+ '[' -n 27776 ]
+ echo -e '            \033[1;32m alive. \033[m'
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n  -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n  ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ return 0
+ start
+ '['  '!=' yes -a  '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n  ]
+ 
+ COUNTER=0
+ LIMIT=10
+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config
+ pidof privoxy
+ '[' -z 27849 -a 0 -le 10 ]
+ 
+ pidof privoxy
+ '[' -z '27851 27849' ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ logger 'Started privoxy from .'
+ return 0
+ '[' restart '=' stop ]
~ # 
~ # 
~ # 
~ # ps | grep -v grep | grep priv
27851 privoxy   3984 S    privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config
~ # 
~ # /opt/etc/init.d/S24privoxy stop
+ USER=privoxy
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=privoxy'
+ local 'GROUP=privoxy'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=stop
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 27851 ]
+ echo -e '            \033[1;32m alive. \033[m'
             alive. 
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n  -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n  ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ return 0
+ '[' stop '=' stop ]
+ rm -rf /opt/tmp/privoxy
~ # 
~ # 
~ # ps | grep -v grep | grep priv
~ # 

 

USER=GROUP=nobody

~ # 
~ # sed -i -e 's,^USER="privoxy",USER="nobody",' /opt/etc/init.d/S24privoxy 
~ # 

Скрытый текст

~ # 
~ # /opt/etc/init.d/S24privoxy start
+ USER=nobody
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=nobody'
+ local 'GROUP=nobody'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ mkdir -p /opt/tmp/privoxy
+ chown nobody:nobody /opt/tmp/privoxy
+ '[' -d /opt/tmp/privoxy/conf ]
+ mkdir -p /opt/tmp/privoxy/conf
+ cp -R /opt/etc/privoxy/config /opt/etc/privoxy/config-opkg /opt/etc/privoxy/default.action /opt/etc/privoxy/default.filter /opt/etc/privoxy/match-all.action /opt/etc/privoxy/regression-tests.action /opt/etc/privoxy/templates /opt/etc/privoxy/user.action /opt/etc/privoxy/user.filter /opt/etc/privoxy/user.trust /opt/tmp/privoxy/conf/
+ chown -R nobody:nobody /opt/tmp/privoxy/conf
+ '[' -d /opt/tmp/privoxy/log ]
+ mkdir -p /opt/tmp/privoxy/log
+ touch /opt/tmp/privoxy/log/privoxy.log
+ chown -R nobody:nobody /opt/tmp/privoxy/log
+ chmod 644 /opt/tmp/privoxy/log/privoxy.log
+ '[' -d /opt/tmp/privoxy/run ]
+ mkdir -p /opt/tmp/privoxy/run
+ chown -R nobody:nobody /opt/tmp/privoxy/run
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=start
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ start
+ '['  '!=' yes -a  '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n  ]
+ 
+ COUNTER=0
+ LIMIT=10
+ privoxy+  --pidfilepidof privoxy
 /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config
+ '[' -z 28028 -a 0 -le 10 ]
+ 
+ pidof privoxy
+ '[' -z '28030 28028' ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ logger 'Started privoxy from .'
+ return 0
+ '[' start '=' stop ]
~ # 
~ # 
~ # ps | grep -v grep | grep priv
28030 nobody    3984 S    privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config
~ # 
~ # /opt/etc/init.d/S24privoxy status
+ USER=nobody
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=nobody'
+ local 'GROUP=nobody'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=status
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 28030 ]
+ echo -e '            \033[1;32m alive. \033[m'
             alive. 
+ return 0
+ '[' status '=' stop ]
~ # 
~ # /opt/etc/init.d/S24privoxy restart
+ USER=nobody
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=nobody'
+ local 'GROUP=nobody'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=restart
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
+ pidof privoxy
+ '[' -n 28030 ]
+ echo -e '            \033[1;32m alive. \033[m'
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n  -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n  ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ return 0
+ start
+ '['  '!=' yes -a  '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n  ]
+ 
+ COUNTER=0
+ LIMIT=10
+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config
+ pidof privoxy
+ '[' -z 28077 -a 0 -le 10 ]
+ 
+ pidof privoxy
+ '[' -z '28079 28077' ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ logger 'Started privoxy from .'
+ return 0
+ '[' restart '=' stop ]
~ # 
~ # 
~ # ps | grep -v grep | grep priv
28079 nobody    3984 S    privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config
~ # 
~ # /opt/etc/init.d/S24privoxy stop
+ USER=nobody
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=nobody'
+ local 'GROUP=nobody'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=stop
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 28079 ]
+ echo -e '            \033[1;32m alive. \033[m'
             alive. 
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n  -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n  ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ return 0
+ '[' stop '=' stop ]
+ rm -rf /opt/tmp/privoxy
~ # 
~ # 
~ # ps | grep -v grep | grep priv
~ # 

 

USER=GROUP=www

~ # 
~ # sed -i -e 's,nobody,www,' /opt/etc/init.d/S24privoxy 
~ # 

Скрытый текст

~ # 
~ # /opt/etc/init.d/S24privoxy start
+ USER=www
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=www'
+ local 'GROUP=www'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ mkdir -p /opt/tmp/privoxy
+ chown www:www /opt/tmp/privoxy
+ '[' -d /opt/tmp/privoxy/conf ]
+ mkdir -p /opt/tmp/privoxy/conf
+ cp -R /opt/etc/privoxy/config /opt/etc/privoxy/config-opkg /opt/etc/privoxy/default.action /opt/etc/privoxy/default.filter /opt/etc/privoxy/match-all.action /opt/etc/privoxy/regression-tests.action /opt/etc/privoxy/templates /opt/etc/privoxy/user.action /opt/etc/privoxy/user.filter /opt/etc/privoxy/user.trust /opt/tmp/privoxy/conf/
+ chown -R www:www /opt/tmp/privoxy/conf
+ '[' -d /opt/tmp/privoxy/log ]
+ mkdir -p /opt/tmp/privoxy/log
+ touch /opt/tmp/privoxy/log/privoxy.log
+ chown -R www:www /opt/tmp/privoxy/log
+ chmod 644 /opt/tmp/privoxy/log/privoxy.log
+ '[' -d /opt/tmp/privoxy/run ]
+ mkdir -p /opt/tmp/privoxy/run
+ chown -R www:www /opt/tmp/privoxy/run
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=start
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ start
+ '['  '!=' yes -a  '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n  ]
+ 
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config

+ '[' -z 28182 -a 0 -le 10 ]
+ 
+ pidof privoxy
+ '[' -z 28182 ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ logger 'Started privoxy from .'
+ return 0
+ '[' start '=' stop ]
~ # 
~ # ps | grep -v grep | grep priv
28185 www       3984 S    privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config
~ # 
~ # /opt/etc/init.d/S24privoxy status
+ USER=www
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=www'
+ local 'GROUP=www'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=status
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 28185 ]
+ echo -e '            \033[1;32m alive. \033[m'
             alive. 
+ return 0
+ '[' status '=' stop ]
~ # 
~ # /opt/etc/init.d/S24privoxy restart
+ USER=www
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=www'
+ local 'GROUP=www'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=restart
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
+ pidof privoxy
+ '[' -n 28185 ]
+ echo -e '            \033[1;32m alive. \033[m'
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n  -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n  ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ return 0
+ start
+ '['  '!=' yes -a  '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n  ]
+ 
+ COUNTER=0
+ LIMIT=10
+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config
+ pidof privoxy
+ '[' -z 28233 -a 0 -le 10 ]
+ 
+ pidof privoxy
+ '[' -z '28235 28233' ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ logger 'Started privoxy from .'
+ return 0
+ '[' restart '=' stop ]
~ # 
~ # 
~ # ps | grep -v grep | grep priv
28235 www       3984 S    privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config
~ # 
~ # 
~ # /opt/etc/init.d/S24privoxy stop
+ USER=www
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=www'
+ local 'GROUP=www'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=stop
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 28235 ]
+ echo -e '            \033[1;32m alive. \033[m'
             alive. 
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n  -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n  ]
+ echo -e '            \033[1;32m done. \033[m'
             done. 
+ return 0
+ '[' stop '=' stop ]
+ rm -rf /opt/tmp/privoxy
~ # 
~ # 

 

~ # 
~ # cat /opt/etc/init.d/S24privoxy 
#!/opt/bin/sh -x

USER="www"

ENABLED=yes
PROCS=privoxy

. /opt/etc/init.d/protector

ARGS="--pidfile $PIDFILE --user $USER $CONFDIR/config"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin

. /opt/etc/init.d/rc.func

[ "$ACTION" = "stop" ] && rm -rf "$HOMEDIR"
~ # 
~ #

~ # 
~ # cat /opt/etc/init.d/protector 
# test protector

protect() {

local USER="$USER"
local GROUP="$USER"
HOMEDIR="/opt/tmp/$PROCS"
CONFDIR="$HOMEDIR/conf"
LOGDIR="$HOMEDIR/log"
LOGFILE="$LOGDIR/$PROCS.log"
PIDDIR="$HOMEDIR/run"
PIDFILE="$PIDDIR/$PROCS.pid"

    [ -d "$HOMEDIR" ] || {
        mkdir -p "$HOMEDIR"
        chown "$USER":"$GROUP" "$HOMEDIR"
    }

    [ -d "$CONFDIR" ] || {
        mkdir -p "$CONFDIR"
        cp -R /opt/etc/"$PROCS"/* "$CONFDIR"/
        chown -R "$USER":"$GROUP" "$CONFDIR"
    }

    [ -d "$LOGDIR" ] || {
        mkdir -p "$LOGDIR"
        touch "$LOGFILE"
        chown -R "$USER":"$GROUP" "$LOGDIR"
        chmod 644 "$LOGFILE"
    }

    [ -d "$PIDDIR" ] || {
        mkdir -p "$PIDDIR"
        chown -R "$USER":"$GROUP" "$PIDDIR"
    }
}

protect
~ # 

! не руководство к действию, а информация к размышлению !

Если предусмотрено конфигами (php-fpm, nginx, ...) или ключами (privixy, ...), этим и надо пользоваться.

[TheBB]

~ # ls -1 /opt/lib/opkg/info/*.control | wc -l
751
~ #

"ахтунг", 751 файл, откуда стока набралось...

~ # 
~ # cat /opt/etc/passwd-draft 
root:$1$qIcnZlor$aUMGvS6VL7brlpSxLZO1y0:0:0:Root:/opt/root:/opt/bin/sh
nobody:*:65534:65534:user "nobody"::/opt/bin/nologin
~ # 
~ # cat /opt/etc/group-draft 
root:*:0:root
nobody:*:65534:nobody
~ #

юзверей и групп маловато будет для такого

~ # 
~ # time sh ./ug.sh 
	Adding a new ntp group with an ID 123
	Adding a new ntp user with an ID 123
	Adding a new domoticz group with an ID 6144
	Adding a new domoticz user with an ID 6144
	Adding a new git group with an ID 382
	Adding a new git user with an ID 382
	Adding a new icecast group with an ID 87
	Adding a new icecast user with an ID 87
	Adding a new mosquitto group with an ID 200
	Adding a new mosquitto user with an ID 200
	The mosquitto group already exists
	The mosquitto user already exists
	Adding a new mpd group with an ID 65536
	Adding a new mpd user with an ID 65536
	Adding a new sshd group with an ID 22
	Adding a new sshd user with an ID 22
	Adding a new pulse group with an ID 51
	Adding a new pulse user with an ID 51
	Adding a new transmission group with an ID 224
	Adding a new transmission user with an ID 224
real	0m 1.22s
user	0m 0.71s
sys	0m 0.42s
~ # 

шустро, однако.

~ # 
~ # cat /opt/etc/passwd-draft 
root:$1$qIcnZlor$aUMGvS6VL7brlpSxLZO1y0:0:0:Root:/opt/root:/opt/bin/sh
nobody:*:65534:65534:user "nobody"::/opt/bin/nologin
ntp:x:123:123:user "ntp"::/opt/bin/false
domoticz:x:6144:6144:user "domoticz"::/opt/bin/false
git:x:382:382:user "git"::/opt/bin/false
icecast:x:87:87:user "icecast"::/opt/bin/false
mosquitto:x:200:200:user "mosquitto"::/opt/bin/false
mpd:x:65536:65536:user "mpd"::/opt/bin/false
sshd:x:22:22:user "sshd"::/opt/bin/false
pulse:x:51:51:user "pulse"::/opt/bin/false
transmission:x:224:224:user "transmission"::/opt/bin/false
~ # 
~ # cat /opt/etc/group-draft 
root:*:0:root
nobody:*:65534:nobody
ntp:x:123:
domoticz:x:6144:
git:x:382:
icecast:x:87:
mosquitto:x:200:
mpd:x:65536:
sshd:x:22:
pulse:x:51:
transmission:x:224:
~ # 

ну, вот, другое дело.

и исчё разок:

~ # 
~ # time sh ./ug.sh 
	The ntp group already exists
	The ntp user already exists
	The domoticz group already exists
	The domoticz user already exists
	The git group already exists
	The git user already exists
	The icecast group already exists
	The icecast user already exists
	The mosquitto group already exists
	The mosquitto user already exists
	The mosquitto group already exists
	The mosquitto user already exists
	The mpd group already exists
	The mpd user already exists
	The sshd group already exists
	The sshd user already exists
	The pulse group already exists
	The pulse user already exists
	The transmission group already exists
	The transmission user already exists
real	0m 1.08s
user	0m 0.65s
sys	0m 0.36s
~ # 

больше не хотить...

велокостыль:

Скрытый текст

~ # cat ug.sh

#!/bin/sh

### USERID:=${user-name}=${user-id}:${group-name}=${group-id}
### /opt/etc/group: ${group-name}:(groupe-password):${groupe-id}:${includes}
### /opt/etc/passwd: ${user-name}:(user-password):${user-id}:${groupe-id}:${user-description}:${user-home}:${user-shell}

### colors ###
ansi_std="\033[0m"
ansi_white="\033[1;37m"

### paths to files ###
FILE_GROUP="/opt/etc/group"
FILE_PASSWD="/opt/etc/passwd"

grep '^Require-User' /opt/lib/opkg/info/*.control | cut -d' ' -f2 | while IFS= read -r line
  do
    ### group name
    grpname=$(echo "${line}" | cut -d: -f2 | cut -d= -f1)
    ### group id
    grpid=$(echo "${line}" | cut -d: -f2 | cut -d= -f2)
    ### user name
    usrname=$(echo "${line}" | cut -d: -f1 | cut -d= -f1)
    ### user id
    usrid=$(echo "${line}" | cut -d: -f1 | cut -d= -f2)
    ### if ${group-id} empty
    if [ "$grpname" = "$grpid" ]; then
        gids=$(cut -d: -f3 $FILE_GROUP)
        g_id=65536
        while echo "$gids" | grep -q $g_id; do
            g_id=$((g_id + 1))
        done
        grpid=$g_id
    fi
    ### if ${user-id} empty
    if [ "$usrname" = "$usrid" ]; then
        uids=$(cut -d: -f3 $FILE_PASSWD)
        u_id=65536
        while echo "$uids" | grep -q $u_id; do
            u_id=$((u_id + 1))
        done
        usrid=$u_id
    fi
    ### check/add group
    if grep -q "$grpname" $FILE_GROUP; then
        printf "\tThe $ansi_white%s$ansi_std group already exists\n" "$grpname"
    else
        printf "\tAdding a new $ansi_white%s$ansi_std group with an ID $ansi_white%s$ansi_std\n" "$grpname" "$grpid"
        echo "$grpname:x:$grpid:" >> $FILE_GROUP
    fi
    ### check/add user
    if grep -q "$usrname" $FILE_PASSWD; then
        printf "\tThe $ansi_white%s$ansi_std user already exists\n" "$usrname"
    else
        printf "\tAdding a new $ansi_white%s$ansi_std user with an ID $ansi_white%s$ansi_std\n" "$usrname" "$usrid"
        echo "$usrname:x:$usrid:$grpid:user \"$usrname\"::/opt/bin/false" >> $FILE_PASSWD
    fi
done

 

 

[Meccep45]

я так запустил. добавил sudo -u nobody -g nobody и права выдал на каталоги.

#!/bin/sh

ENABLED=yes
PROCS=redis-server
ARGS="/opt/etc/redis.conf"
PREARGS="sudo -u nobody -g nobody"
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func