* [gentoo-user] share control rights to a daemon by both root and another user
From: zhangweiwu @ 2009-02-08 15:59 UTC
To: gentoo-user
As root user of a server, I wish to share the control privilege (to
start and stop) over a daemon with another non-root user, and I find it
difficult. The requirements: 1) either he or I can start the daemon
and then stop it; 2) he can stop the daemon started by me; 3) I can stop the
daemon started by him.

3) is very easy because I am root; 1) is also easy; the difficult part is 2).

I first thought of setting the process suid and making him owner of the
executable. However, I found that if I do so, the process starts with his
privilege while belonging to me, and he could not signal the processes of mine.

Is requirement 2 possible with Linux? How?

If the problem can be solved in a setting where neither of the two users is
root, the solution would be even more preferable.

Thanks in advance!
--
Real Softservice
Huateng Tower, Unit 1788
Jia 302 3rd area of Jinsong, Chao Yang
Tel: +86 (10) 8773 0650 ext 603
Mobile: 159 1111 7382
http://www.realss.com
* Re: [gentoo-user] share control rights to a daemon by both root and another user
From: Daniel Troeder @ 2009-02-08 16:30 UTC
To: gentoo-user
On Sunday, 08.02.2009, at 23:59 +0800, zhangweiwu@realss.com wrote:
> As root user of a server, I wish to share the control privilege (to
> start and stop) over a daemon with another non-root user, and I find it
> difficult. The requirements: 1) either he or I can start the daemon
> and then stop it; 2) he can stop the daemon started by me; 3) I can stop the
> daemon started by him.
>
> 3) is very easy because I am root; 1) is also easy; the difficult part is 2).
>
> I first thought of setting the process suid and making him owner of the
> executable. However, I found that if I do so, the process starts with his
> privilege while belonging to me, and he could not signal the processes of mine.
>
> Is requirement 2 possible with Linux? How?
>
> If the problem can be solved in a setting where neither of the two users is
> root, the solution would be even more preferable.
>
> Thanks in advance!
>
Hello :)
You can use app-admin/sudo to achieve your goal. It can be configured to
allow certain users to execute certain commands as other users (possibly
root). You can even restrict the allowed arguments to a command.
Bye,
Daniel
* Re: [gentoo-user] share control rights to a daemon by both root and another user
From: zhangweiwu @ 2009-02-09 1:44 UTC
To: gentoo-user
Daniel Troeder wrote:
> Hello :)
>
> You can use app-admin/sudo to achieve your goal. It can be configured to
> allow certain users to execute certain commands as other users (possibly
> root). You can even restrict the allowed arguments to a command.
Hi. Thanks for that suggestion. I am thinking I need to add a
configuration in sudo that everyone in "fetch" group (who can run the
daemon) should be able to sudo and run the daemon. I'll try it later.
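
The sudo approach discussed in this thread, as an added example that is not part of any message above: a sudoers drop-in that lets members of the "fetch" group start and stop one daemon with only those exact arguments. The daemon name `fetchd`, its init script path, the wrapper `/usr/local/sbin/fetchd-ctl` and the service account `fetchd` are hypothetical; only the group name comes from the thread.

```sudoers
# /etc/sudoers.d/fetchd   (hypothetical file name)
# Edit with:  visudo -f /etc/sudoers.d/fetchd
# Check with: visudo -cf /etc/sudoers.d/fetchd

# Arguments are listed explicitly, so sudo matches the whole command line:
# "start" and "stop" are allowed, anything else (restart, zap, extra
# options) is refused. /etc/init.d/fetchd is a hypothetical path; the
# script must be owned by root and not writable by group "fetch".
Cmnd_Alias FETCHD_CTL = /etc/init.d/fetchd start, \
                        /etc/init.d/fetchd stop

# Every member of group "fetch" may run the control commands as root.
# Because the daemon is always launched through the same rule, it always
# runs under the same identity, so whoever started it, any group member
# (or root) can stop it: requirement 2 in the original question.
%fetch ALL = (root) FETCHD_CTL

# Variant without root (assumption: a dedicated service account "fetchd"
# and a control wrapper that accepts start/stop). Both users then invoke
#   sudo -u fetchd /usr/local/sbin/fetchd-ctl stop
# and the process belongs to the service account in either case.
Cmnd_Alias FETCHD_USERCTL = /usr/local/sbin/fetchd-ctl start, \
                            /usr/local/sbin/fetchd-ctl stop
%fetch ALL = (fetchd) FETCHD_USERCTL
```

Users then run `sudo /etc/init.d/fetchd stop`, and `sudo -l` shows each group member exactly which command lines the rule grants.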