Suggestion from Clint is to enhance pre- and post- syntax such that the setuid and setgid stanzas can also appear in a pre-post section. If they do, these values are used rather than the "globally" specified setuid/setgid value. For example:
________________________
# this is the "global" value for setuid. If not overriden, all job processes will run as user 'foo'
setuid foo
pre-start setuid bar script
echo this runs as user 'bar'
end script
post-stop setuid baz exec echo this runs as user 'baz'
exec echo I run as user 'foo'
________________________
This is a very elegant solution to the problem. For now however, it is possible to work around the limitation by creating a separate .conf file to handle the pre/post conditions whilst running as root.
Suggestion from Clint is to enhance pre- and post- syntax such that the setuid and setgid stanzas can also appear in a pre-post section. If they do, these values are used rather than the "globally" specified setuid/setgid value. For example:
_______ _______ _______ ___
# this is the "global" value for setuid. If not overriden, all job processes will run as user 'foo'
setuid foo
pre-start setuid bar script
echo this runs as user 'bar'
end script
post-stop setuid baz exec echo this runs as user 'baz'
exec echo I run as user 'foo' _______ _______ ___
_______
This is a very elegant solution to the problem. For now however, it is possible to work around the limitation by creating a separate .conf file to handle the pre/post conditions whilst running as root.