=== DingoSaar_ is now known as DingoSaar
durka42hi. what's the right way to write an upstart conf that runs my service as a specific user?19:53
durka42I am using "setuid" and "setgid", but some strange things are happening with USB device access that make me think perhaps I'm doing it wrong19:53
JanCdurka42: some things also require a login session (I think there is something about that in the cookbook--see topic)21:06
durka42JanC: I'm a little confused, the cookbook has section 11.43.1 about how to "Run a job as a different user", which is what I want to21:19
durka42but that eventually links to section 4.2.3, which actually doesn't explain at all how to run a job as a different user21:19
durka42is there a better guide?21:19
durka42it sort of says I should "arrange for `init --user` to be run", but I have no idea how to do that21:21
JanC--user is for running upstart as a session daemon after login21:30
durka42but "run a job as different user" links to "user job" which links to "session job"21:31
durka42which says I need session daemon21:31
durka42but doesn't explain how to solve the original problem :)21:31
durka42I guess a session daemon executes all jobs as the user that owns the session21:33
durka42but would those jobs still be managed using 'service'? and if not, how? also, this is a headless machine where I don't want to have to log in21:34
JanChttp://upstart.ubuntu.com/cookbook/#run-a-job-as-a-different-user & http://upstart.ubuntu.com/cookbook/#checking-how-a-service-might-react-when-run-as-a-job might be useful21:35
JanC11.43.2 on the first link21:35
durka42that first link is where I was already looking, but the second one might help me track down the device access bug21:35
durka42yeah, 11.43.2 is what I am trying now21:36
durka42even though it says "don't do this! here is how to do this", haha21:36
durka42well shit, now I have an unbootable system21:36
JanCfor most things su/sudo are not appropriate, but if you have something that expects to be run as an interactive user...21:37
JanCalso, screen/tmux is sometimes used21:39
JanCbut fixing USB access rights is maybe a better solution  :)21:39
durka42I am running under screen yes21:42
durka42well, I figured root would be able to access all the devices!21:42
durka42argh, the pre-stop script doesn't work when I change it to use su instead of setuid/setgid21:44
durka42why so fragile, upstart :(21:44
durka42JanC: any change you want to take a look at my service file and tell me all the terrible mistakes I'm making?21:45
JanCthe fact that you are running this under screen means that it's not a proper daemon and is not meant to be run like that...21:47
durka42that's correct21:47
durka42all I really want from upstart is start-on-startup and respawn-on-crash21:47
durka42is that too much to ask? :)21:48
JanCand I don't really have experience with running "services" under screen21:48
durka42or is there a middleman daemon that people use to get that kind of behavior21:48
JanCIIRC some people have been using it for that popular game (I forgot the name)21:49
durka42yes, I saw that section21:50
JanCthere are probably tutorials for that somewhere21:50
durka42my exec line is similar but I have exec setsid screen -L -Dm -S nri ./run.sh21:50
JanCe.g on ask ubuntu21:50
durka42I'll check around there21:51
durka42or I'll give up on upstart and use some other hack :(21:51
JanCit's not really upstart that is the problem AFAIK  :)21:52
durka42well, upstart is ubuntu's service runner21:53
durka42maybe cron can do what I want with less fuss?21:53
JanCbut you are trying to run a non-service as a service21:53
JanCcron will likely have the same issues21:53
durka42well, screen -D should take care of that21:54
JanCwhich is why you want to debug what you need but is missing21:54
durka42if my program were perfect, I wouldn't need the attachable screen _or_ the respawn-on-crash21:55
durka42but I have to be able to debug somehow21:55
JanCmaybe the program can be run in debug mode, or whatever?21:56
JanCalso, check if it runs with certain environment variables missing, etc. etc.21:56
durka42I wrote the program, so I know what environment variables it needs etc21:57
durka42it appears to run exactly the same except the camera driver fails with "device not found", that's all :(21:57
durka42even after the camera driver enumerates devices and says it is there :p21:57
JanCudev has to make it available21:58
JanCset the appropriate access rights etc.21:58
durka42and so somehow it's denying access to setuid'd root?21:59
durka42you'd think root would get what it wants21:59
JanCit might also be available under a not-so-well-known location21:59
durka42I admit to having no idea how the camera driver tries to access the device22:00
durka42I just tell it "search for any device with any serial number and give me a handle to the first one"22:00
durka42and for some reason this works in a shell, but not under my current upstart setup22:01
JanCthe debug link I gave above should give you some ideas about debugging in an environment that differs from a normal shell22:01
durka42yes, I will try that22:02
durka42gotta run22:02
durka42thanks for your advice!22:02
JanCfor example, some USB device access rights are set depending on the currently active login session22:03
JanCso e22:03
JanCso e.g. if you are working on your desktop, the currently active user session can access the camera  :)22:04
JanCand if you switch to another user, that user gets camera access22:05
durka42so there may be very good reasons that services are denied access to camera devices! :p22:05
durka42though I'm not sure linux knows this device is a camera22:05
durka42anyway, need to go see a man about a horse22:05
JanCit's not only for cameras of course22:06

Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!