=== DingoSaar_ is now known as DingoSaar
[19:53] hi. what's the right way to write an upstart conf that runs my service as a specific user?
[19:53] I am using "setuid" and "setgid", but some strange things are happening with USB device access that make me think perhaps I'm doing it wrong
[21:06] durka42: some things also require a login session (I think there is something about that in the cookbook--see topic)
[21:19] JanC: I'm a little confused, the cookbook has section 11.43.1 about how to "Run a job as a different user", which is what I want to
[21:19] but that eventually links to section 4.2.3, which actually doesn't explain at all how to run a job as a different user
[21:19] is there a better guide?
[21:21] it sort of says I should "arrange for `init --user` to be run", but I have no idea how to do that
[21:30] --user is for running upstart as a session daemon after login
[21:31] right
[21:31] but "run a job as different user" links to "user job" which links to "session job"
[21:31] which says I need session daemon
[21:31] but doesn't explain how to solve the original problem :)
[21:33] I guess a session daemon executes all jobs as the user that owns the session
[21:34] but would those jobs still be managed using 'service'? and if not, how? also, this is a headless machine where I don't want to have to log in
[21:35] http://upstart.ubuntu.com/cookbook/#run-a-job-as-a-different-user & http://upstart.ubuntu.com/cookbook/#checking-how-a-service-might-react-when-run-as-a-job might be useful
[21:35] 11.43.2 on the first link
[21:35] that first link is where I was already looking, but the second one might help me track down the device access bug
[21:36] yeah, 11.43.2 is what I am trying now
[21:36] even though it says "don't do this! here is how to do this", haha
[21:36] well shit, now I have an unbootable system
[21:37] for most things su/sudo are not appropriate, but if you have something that expects to be run as an interactive user...
[21:39] also, screen/tmux is sometimes used
[21:39] but fixing USB access rights is maybe a better solution :)
[21:42] I am running under screen yes
[21:42] well, I figured root would be able to access all the devices!
[21:44] argh, the pre-stop script doesn't work when I change it to use su instead of setuid/setgid
[21:44] why so fragile, upstart :(
[21:45] JanC: any change you want to take a look at my service file and tell me all the terrible mistakes I'm making?
[21:45] chance*
[21:47] the fact that you are running this under screen means that it's not a proper daemon and is not meant to be run like that...
[21:47] that's correct
[21:47] all I really want from upstart is start-on-startup and respawn-on-crash
[21:48] is that too much to ask? :)
[21:48] and I don't really have experience with running "services" under screen
[21:48] or is there a middleman daemon that people use to get that kind of behavior
[21:49] IIRC some people have been using it for that popular game (I forgot the name)
[21:49] http://upstart.ubuntu.com/cookbook/#run-an-application-through-gnu-screen
[21:50] minecraft?
[21:50] yep
[21:50] yes, I saw that section
[21:50] there are probably tutorials for that somewhere
[21:50] my exec line is similar but I have exec setsid screen -L -Dm -S nri ./run.sh
[21:50] e.g on ask ubuntu
[21:51] yeah
[21:51] I'll check around there
[21:51] or I'll give up on upstart and use some other hack :(
[21:52] it's not really upstart that is the problem AFAIK :)
[21:53] well, upstart is ubuntu's service runner
[21:53] maybe cron can do what I want with less fuss?
[21:53] but you are trying to run a non-service as a service
[21:53] cron will likely have the same issues
[21:54] well, screen -D should take care of that
[21:54] which is why you want to debug what you need but is missing
[21:55] if my program were perfect, I wouldn't need the attachable screen _or_ the respawn-on-crash
[21:55] but I have to be able to debug somehow
[21:56] maybe the program can be run in debug mode, or whatever?
[21:56] also, check if it runs with certain environment variables missing, etc. etc.
[21:57] I wrote the program, so I know what environment variables it needs etc
[21:57] it appears to run exactly the same except the camera driver fails with "device not found", that's all :(
[21:57] even after the camera driver enumerates devices and says it is there :p
[21:58] udev has to make it available
[21:58] set the appropriate access rights etc.
[21:59] hmm
[21:59] and so somehow it's denying access to setuid'd root?
[21:59] you'd think root would get what it wants
[21:59] it might also be available under a not-so-well-known location
[22:00] I admit to having no idea how the camera driver tries to access the device
[22:00] I just tell it "search for any device with any serial number and give me a handle to the first one"
[22:01] and for some reason this works in a shell, but not under my current upstart setup
[22:01] the debug link I gave above should give you some ideas about debugging in an environment that differs from a normal shell
[22:02] yes, I will try that
[22:02] gotta run
[22:02] thanks for your advice!
[22:03] for example, some USB device access rights are set depending on the currently active login session
[22:03] so e
[22:03] interesting
[22:04] so e.g. if you are working on your desktop, the currently active user session can access the camera :)
[22:04] right
[22:05] and if you switch to another user, that user gets camera access
[22:05] etc.
[22:05] so there may be very good reasons that services are denied access to camera devices! :p
[22:05] though I'm not sure linux knows this device is a camera
[22:05] anyway, need to go see a man about a horse
[22:06] it's not only for cameras of course