init: support dropping privileges

Reported by Evan Broder on 2010-05-28
36
This bug affects 7 people
Affects Status Importance Assigned to Milestone
upstart
Wishlist
Unassigned

Bug Description

Currently upstart gives you a wealth of options for controlling the environment a daemon is started in, letting one get by without the standard start-stop-daemon (et al.) invoke in your upstart jobs.

The one thing it doesn't seem to have, though, is the ability to drop privileges. It would be nice if upstart config files supported a

  user www-data

which would setuid to www-data before executing the daemon. That option should probably also initialize the gid and group vector of the daemon, possibly with additional options to override either the gid or group vector.

Related branches

It's most likely that "user" will be reserved for running jobs as a given user with a full PAM session.

"setuid" might be more appropriate for your example

Changed in upstart:
status: New → Triaged
importance: Undecided → Wishlist
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Duplicates of this bug

Other bug subscribers