On Wed, 26.05.10 19:54, Nicolas Mailhot (nicolas.mailhot(a)laposte.net) wrote:
Le mercredi 26 mai 2010 à 19:39 +0200, Alexander Boström a écrit :
> ons 2010-05-26 klockan 10:01 +0100 skrev James Findley:
>
> > It's really not at all uncommon for me to need to modify an init script.
> > There would be much rage if in order to do this I had to download the
> > SRPM, extract the init code, figure out what I needed to change, modify
> > it, recompile then install.
>
> Various ways to deal with that:
>
> 1. Change the Exec=/usr/libexec/food to
> ExecStart=/usr/local/sbin/foodwrapper
Won't work since one of the main things current scripts do is run some
code as root, and some other code as the target user.
We already cover for that. You can set "PermissionsStartOnly=yes" in the
.service file. Then, only the program specified in ExecStart= will be
started with reduced permissions (i.e. with dropped priviliges, reduced
caps, yadda yadda), and everything in ExecStartPre= and friends will run
as normal root user.
Lennart
--
Lennart Poettering Red Hat, Inc.
lennart [at] poettering [dot] net
http://0pointer.net/lennart/ GnuPG 0x1A015CC4