aceventura Posted August 19, 2021 (edited)

Good day. Please advise, I just can't find how to run an application (service) (example: privoxy) not as root but as another user, if the application itself has no such setting. There is no such setting in /etc/init.d/S24privoxy and the other files... For example, in systemd units it is something like [service] USER=privoxy GROUP privoxy; but how do I do this in Entware?

Edited August 19, 2021 by Hotery
TheBB Posted August 19, 2021 (edited)

```
privoxy --help
```

```
~ # chmod 666 /opt/etc/privoxy/config
~ # chmod 666 /opt/var/log/privoxy.log
~ # /opt/etc/init.d/S24privoxy start
 Starting privoxy... done.
~ # /opt/etc/init.d/S24privoxy status
 Checking privoxy... alive.
~ # ps | grep -v grep | grep priv
20658 test 3980 S privoxy --user test /opt/etc/privoxy/config
```

--- via a wrapper

```
~ # id test
uid=10(test) gid=10(test) groups=10(test)
~ # /opt/etc/init.d/S24privoxy stop
 Checking privoxy... alive.
 Shutting down privoxy... done.
~ # ps | grep -v grep | grep priv
~ # privoxy-su /opt/etc/privoxy/config
~ # ps | grep -v grep | grep priv
21646 test 3844 S privoxy /opt/etc/privoxy/config
~ # /opt/etc/init.d/S24privoxy status
 Checking privoxy... alive.
~ # cat /opt/bin/privoxy-su
#!/opt/bin/sh

exec su test -p -c "privoxy $1 $2 $3 $4"
```

=== while we're at it, the reverse trick...

```
/opt $ id
uid=10000(tester) gid=10000(tester) groups=10000(tester)
/opt $ /opt/etc/init.d/S24privoxy status
 Checking privoxy... dead.
/opt $ privoxy-su /opt/etc/privoxy/config
/opt $ /opt/etc/init.d/S24privoxy status
 Checking privoxy... alive.
~ # cat /opt/bin/privoxy-su
#!/opt/bin/sh -x

exec echo keenetic | su -p -m root -c "/opt/sbin/privoxy $1 $2 $3 $4"
```

Edited August 19, 2021 by TheBB add2
aceventura Posted August 19, 2021 (Author)

Thanks! I got stuck somewhere...

```
cat /opt/usr/sbin/privoxy-su
#!/opt/bin/sh

su privoxy -p -c "privoxy $1 $2 $3 $4"
```

This way it starts: `privoxy-su /opt/etc/privoxy` (the process is there in ps w), but if I write PROCS=privoxy-su in /opt/etc/init.d/S24privoxy, it does not start:

```
~ # /opt/etc/init.d/S24privoxy start
 Starting privoxy-su... failed.
```

It seems it does not go into the background... I tacked "sudo -b" in front of "su ..." and it worked, but that is probably kind of crooked. What is the right way?
TheBB Posted August 19, 2021 (edited)

1 hour ago, Hotery said:
> What is the right way?

The right way is via the "--user" flag.

---

```
~ # /opt/etc/init.d/S24privoxy start
 Starting privoxy... done.
~ # /opt/etc/init.d/S24privoxy status
 Checking privoxy... alive.
~ # ps | grep -v grep | grep priv
15059 root 3844 S privoxy /opt/etc/privoxy/config
~ # /opt/etc/init.d/S24privoxy stop
 Checking privoxy... alive.
 Shutting down privoxy... done.
~ # chown -R privoxy:privoxy /opt/etc/privoxy
~ # chown privoxy:privoxy /opt/var/log/privoxy.log
~ # /opt/etc/init.d/S24privoxy start
 Starting privoxy... done.
~ # /opt/etc/init.d/S24privoxy status
 Checking privoxy... alive.
~ # ps | grep -v grep | grep priv
15164 privoxy 3980 S privoxy --user privoxy /opt/etc/privoxy/config
```

===

```
~ # start-stop-daemon
BusyBox v1.33.1 (2021-07-08 20:18:22 UTC) multi-call binary.

Usage: start-stop-daemon [OPTIONS] [-S|-K] ... [-- ARGS...]

Search for matching processes, and then
        -K: stop all matching processes
        -S: start a process unless a matching process is found

Process matching:
        -u USERNAME|UID Match only this user's processes
        -n NAME         Match processes with NAME
                        in comm field in /proc/PID/stat
        -x EXECUTABLE   Match processes with this command
                        in /proc/PID/cmdline
        -p FILE         Match a process with PID from FILE
        All specified conditions must match
-S only:
        -x EXECUTABLE   Program to run
        -a NAME         Zeroth argument
        -b              Background
        -c USER[:[GRP]] Change user/group
        -m              Write PID to pidfile specified by -p
-K only:
        -s SIG          Signal to send
        -t              Match only, exit with 0 if found
Other:
        -q              Quiet
```

Edited August 19, 2021 by TheBB add2
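One way to background a daemon and drop root with the BusyBox `start-stop-daemon` flags listed in the usage text above, as an added example that is not part of the original posts. It assumes a `privoxy` user and group already exist and that the pidfile lives in `/opt/tmp`; the names `svc` and `SSD` are made up for this sketch, and `--no-daemon` is privoxy's own option.

```shell
#!/bin/sh
# Added example, not from the thread. Assumptions: user/group "privoxy"
# exist, paths follow the thread's Entware layout, pidfile path is chosen here.

SSD="${SSD:-start-stop-daemon}"   # overridable so the dispatch can be dry-run
PROG="/opt/sbin/privoxy"
RUN_AS="privoxy:privoxy"          # assumed service account (USER:GROUP)
PIDFILE="/opt/tmp/privoxy.pid"
CONFIG="/opt/etc/privoxy/config"

svc() {
    case "$1" in
        start)
            # -S  start unless a matching process already exists
            # -b  put the process in the background (what the su wrapper lacked)
            # -m -p  record the PID in $PIDFILE
            # -c  change user/group before running the program
            # --no-daemon keeps privoxy from forking again, so the PID
            # written by -m stays the PID of the running service.
            "$SSD" -S -q -b -m -p "$PIDFILE" -c "$RUN_AS" -x "$PROG" \
                -- --no-daemon "$CONFIG"
            ;;
        stop)
            # All match conditions must hold: with -u, a stale pidfile that
            # now points at another account's process is not signalled.
            "$SSD" -K -q -p "$PIDFILE" -u "${RUN_AS%%:*}" && rm -f "$PIDFILE"
            ;;
        status)
            # -t only tests for a match and reports it via the exit code
            "$SSD" -K -t -q -p "$PIDFILE" -u "${RUN_AS%%:*}"
            ;;
        restart)
            svc stop
            sleep 1
            svc start
            ;;
        *)
            echo "Usage: $0 {start|stop|restart|status}" >&2
            return 2
            ;;
    esac
}

# Run as an init script when called with an argument; do nothing when sourced.
[ $# -eq 0 ] || svc "$@"
```

The config, log and pidfile locations still have to be readable or writable by the service account, as in the `chown` commands of the post above.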
TheBB Posted August 20, 2021

16 hours ago, Hotery said:
> Thanks! I got stuck somewhere...

These are just variations on a theme...

```
~ # /opt/etc/init.d/S20privoxy start
starting privoxy
~ # /opt/etc/init.d/S20privoxy status
privoxy already running
~ # /opt/etc/init.d/S20privoxy restart
stopping privoxy
starting privoxy
~ # /opt/etc/init.d/S20privoxy check
privoxy already running
~ # ps | grep -v grep | grep priv
31153 privoxy 3844 S /opt/sbin/privoxy --pidfile /opt/tmp/privoxy.pid /opt/etc/privoxy/config
~ # /opt/etc/init.d/S20privoxy stop
stopping privoxy
~ # /opt/etc/init.d/S20privoxy status
privoxy is not running
~ # cat /opt/etc/init.d/S20privoxy
#!/bin/sh

PATH=/opt/sbin:/opt/bin
PIDFILE="/opt/tmp/privoxy.pid"
PROGRAM="privoxy"
PROGRAM_BIN="/opt/sbin/$PROGRAM"
USER="$PROGRAM"
OK="$PROGRAM already running"
NO="$PROGRAM is not running"

status_check () {
    [ -f $PIDFILE ] && [ -d /proc/"$(pidof $PROGRAM)" ]
}

start() {
    su "$USER" -m -p -c "$PROGRAM_BIN --pidfile $PIDFILE /opt/etc/privoxy/config" && echo starting $PROGRAM
}

stop() {
    kill "$(pidof $PROGRAM)" && echo stopping $PROGRAM
}

case "$1" in
    start)
        if status_check
        then
            echo $OK
        else
            start
        fi
        ;;
    stop)
        if status_check
        then
            stop
        else
            echo $NO
        fi
        ;;
    check|status)
        if status_check
        then
            echo $OK
        else
            echo $NO
        fi
        ;;
    restart)
        stop
        sleep 3
        start
        ;;
    *)
        echo "Usage: $0 {start|stop|restart|status}"
        ;;
esac
```
TheBB Posted August 21, 2021

Let's keep toying with users, groups, access rights, startup... )))

For clarity, the run is with debugging, "#!/opt/bin/sh -x" (the firmware's sh can't do this).

USER=GROUP=privoxy

```
~ # /opt/etc/init.d/S24privoxy start
+ USER=privoxy
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=privoxy'
+ local 'GROUP=privoxy'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ mkdir -p /opt/tmp/privoxy
+ chown privoxy:privoxy /opt/tmp/privoxy
+ '[' -d /opt/tmp/privoxy/conf ]
+ mkdir -p /opt/tmp/privoxy/conf
+ cp -R /opt/etc/privoxy/config /opt/etc/privoxy/config-opkg /opt/etc/privoxy/default.action /opt/etc/privoxy/default.filter /opt/etc/privoxy/match-all.action /opt/etc/privoxy/regression-tests.action /opt/etc/privoxy/templates /opt/etc/privoxy/user.action /opt/etc/privoxy/user.filter /opt/etc/privoxy/user.trust /opt/tmp/privoxy/conf/
+ chown -R privoxy:privoxy /opt/tmp/privoxy/conf
+ '[' -d /opt/tmp/privoxy/log ]
+ mkdir -p /opt/tmp/privoxy/log
+ touch /opt/tmp/privoxy/log/privoxy.log
+ chown -R privoxy:privoxy /opt/tmp/privoxy/log
+ chmod 644 /opt/tmp/privoxy/log/privoxy.log
+ '[' -d /opt/tmp/privoxy/run ]
+ mkdir -p /opt/tmp/privoxy/run
+ chown -R privoxy:privoxy /opt/tmp/privoxy/run
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=start
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ start
+ '[' '!=' yes -a '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n ]
+
+ COUNTER=0
+ LIMIT=10
+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config
+ pidof privoxy
+ '[' -z 27774 -a 0 -le 10 ]
+
+ pidof privoxy
+ '[' -z '27776 27774' ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ logger 'Started privoxy from .'
+ return 0
+ '[' start '=' stop ]
~ # ps | grep -v grep | grep priv
27776 privoxy 3984 S privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config
~ # /opt/etc/init.d/S24privoxy status
+ USER=privoxy
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=privoxy'
+ local 'GROUP=privoxy'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=status
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 27776 ]
+ echo -e ' \033[1;32m alive. \033[m'
 alive.
+ return 0
+ '[' status '=' stop ]
~ # /opt/etc/init.d/S24privoxy restart
+ USER=privoxy
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=privoxy'
+ local 'GROUP=privoxy'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=restart
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
+ pidof privoxy
+ '[' -n 27776 ]
+ echo -e ' \033[1;32m alive. \033[m'
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ return 0
+ start
+ '[' '!=' yes -a '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n ]
+
+ COUNTER=0
+ LIMIT=10
+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config
+ pidof privoxy
+ '[' -z 27849 -a 0 -le 10 ]
+
+ pidof privoxy
+ '[' -z '27851 27849' ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ logger 'Started privoxy from .'
+ return 0
+ '[' restart '=' stop ]
~ # ps | grep -v grep | grep priv
27851 privoxy 3984 S privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config
~ # /opt/etc/init.d/S24privoxy stop
+ USER=privoxy
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=privoxy'
+ local 'GROUP=privoxy'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user privoxy /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=stop
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 27851 ]
+ echo -e ' \033[1;32m alive. \033[m'
 alive.
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ return 0
+ '[' stop '=' stop ]
+ rm -rf /opt/tmp/privoxy
~ # ps | grep -v grep | grep priv
~ #
```

USER=GROUP=nobody

```
~ # sed -i -e 's,^USER="privoxy",USER="nobody",' /opt/etc/init.d/S24privoxy
```

```
~ # /opt/etc/init.d/S24privoxy start
+ USER=nobody
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=nobody'
+ local 'GROUP=nobody'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ mkdir -p /opt/tmp/privoxy
+ chown nobody:nobody /opt/tmp/privoxy
+ '[' -d /opt/tmp/privoxy/conf ]
+ mkdir -p /opt/tmp/privoxy/conf
+ cp -R /opt/etc/privoxy/config /opt/etc/privoxy/config-opkg /opt/etc/privoxy/default.action /opt/etc/privoxy/default.filter /opt/etc/privoxy/match-all.action /opt/etc/privoxy/regression-tests.action /opt/etc/privoxy/templates /opt/etc/privoxy/user.action /opt/etc/privoxy/user.filter /opt/etc/privoxy/user.trust /opt/tmp/privoxy/conf/
+ chown -R nobody:nobody /opt/tmp/privoxy/conf
+ '[' -d /opt/tmp/privoxy/log ]
+ mkdir -p /opt/tmp/privoxy/log
+ touch /opt/tmp/privoxy/log/privoxy.log
+ chown -R nobody:nobody /opt/tmp/privoxy/log
+ chmod 644 /opt/tmp/privoxy/log/privoxy.log
+ '[' -d /opt/tmp/privoxy/run ]
+ mkdir -p /opt/tmp/privoxy/run
+ chown -R nobody:nobody /opt/tmp/privoxy/run
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=start
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ start
+ '[' '!=' yes -a '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n ]
+
+ COUNTER=0
+ LIMIT=10
+ privoxy+ --pidfilepidof privoxy /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config
+ '[' -z 28028 -a 0 -le 10 ]
+
+ pidof privoxy
+ '[' -z '28030 28028' ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ logger 'Started privoxy from .'
+ return 0
+ '[' start '=' stop ]
~ # ps | grep -v grep | grep priv
28030 nobody 3984 S privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config
~ # /opt/etc/init.d/S24privoxy status
+ USER=nobody
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=nobody'
+ local 'GROUP=nobody'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=status
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 28030 ]
+ echo -e ' \033[1;32m alive. \033[m'
 alive.
+ return 0
+ '[' status '=' stop ]
~ # /opt/etc/init.d/S24privoxy restart
+ USER=nobody
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=nobody'
+ local 'GROUP=nobody'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=restart
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
+ pidof privoxy
+ '[' -n 28030 ]
+ echo -e ' \033[1;32m alive. \033[m'
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ return 0
+ start
+ '[' '!=' yes -a '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n ]
+
+ COUNTER=0
+ LIMIT=10
+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config
+ pidof privoxy
+ '[' -z 28077 -a 0 -le 10 ]
+
+ pidof privoxy
+ '[' -z '28079 28077' ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ logger 'Started privoxy from .'
+ return 0
+ '[' restart '=' stop ]
~ # ps | grep -v grep | grep priv
28079 nobody 3984 S privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config
~ # /opt/etc/init.d/S24privoxy stop
+ USER=nobody
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=nobody'
+ local 'GROUP=nobody'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user nobody /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=stop
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 28079 ]
+ echo -e ' \033[1;32m alive. \033[m'
 alive.
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ return 0
+ '[' stop '=' stop ]
+ rm -rf /opt/tmp/privoxy
~ # ps | grep -v grep | grep priv
~ #
```

USER=GROUP=www

```
~ # sed -i -e 's,nobody,www,' /opt/etc/init.d/S24privoxy
```

```
~ # /opt/etc/init.d/S24privoxy start
+ USER=www
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=www'
+ local 'GROUP=www'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ mkdir -p /opt/tmp/privoxy
+ chown www:www /opt/tmp/privoxy
+ '[' -d /opt/tmp/privoxy/conf ]
+ mkdir -p /opt/tmp/privoxy/conf
+ cp -R /opt/etc/privoxy/config /opt/etc/privoxy/config-opkg /opt/etc/privoxy/default.action /opt/etc/privoxy/default.filter /opt/etc/privoxy/match-all.action /opt/etc/privoxy/regression-tests.action /opt/etc/privoxy/templates /opt/etc/privoxy/user.action /opt/etc/privoxy/user.filter /opt/etc/privoxy/user.trust /opt/tmp/privoxy/conf/
+ chown -R www:www /opt/tmp/privoxy/conf
+ '[' -d /opt/tmp/privoxy/log ]
+ mkdir -p /opt/tmp/privoxy/log
+ touch /opt/tmp/privoxy/log/privoxy.log
+ chown -R www:www /opt/tmp/privoxy/log
+ chmod 644 /opt/tmp/privoxy/log/privoxy.log
+ '[' -d /opt/tmp/privoxy/run ]
+ mkdir -p /opt/tmp/privoxy/run
+ chown -R www:www /opt/tmp/privoxy/run
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=start
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ start
+ '[' '!=' yes -a '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n ]
+
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config
+ '[' -z 28182 -a 0 -le 10 ]
+
+ pidof privoxy
+ '[' -z 28182 ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ logger 'Started privoxy from .'
+ return 0
+ '[' start '=' stop ]
~ # ps | grep -v grep | grep priv
28185 www 3984 S privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config
~ # /opt/etc/init.d/S24privoxy status
+ USER=www
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=www'
+ local 'GROUP=www'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=status
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 28185 ]
+ echo -e ' \033[1;32m alive. \033[m'
 alive.
+ return 0
+ '[' status '=' stop ]
~ # /opt/etc/init.d/S24privoxy restart
+ USER=www
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=www'
+ local 'GROUP=www'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=restart
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
+ pidof privoxy
+ '[' -n 28185 ]
+ echo -e ' \033[1;32m alive. \033[m'
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ return 0
+ start
+ '[' '!=' yes -a '=' cron ]
+ '[' yes '!=' yes ]
+ echo -e -n '\033[1;37m Starting privoxy... \033[m'
 Starting privoxy... + pidof privoxy
+ '[' -n ]
+
+ COUNTER=0
+ LIMIT=10
+ privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config
+ pidof privoxy
+ '[' -z 28233 -a 0 -le 10 ]
+
+ pidof privoxy
+ '[' -z '28235 28233' ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ logger 'Started privoxy from .'
+ return 0
+ '[' restart '=' stop ]
~ # ps | grep -v grep | grep priv
28235 www 3984 S privoxy --pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config
~ # /opt/etc/init.d/S24privoxy stop
+ USER=www
+ ENABLED=yes
+ PROCS=privoxy
+ . /opt/etc/init.d/protector
+ protect
+ local 'USER=www'
+ local 'GROUP=www'
+ HOMEDIR=/opt/tmp/privoxy
+ CONFDIR=/opt/tmp/privoxy/conf
+ LOGDIR=/opt/tmp/privoxy/log
+ LOGFILE=/opt/tmp/privoxy/log/privoxy.log
+ PIDDIR=/opt/tmp/privoxy/run
+ PIDFILE=/opt/tmp/privoxy/run/privoxy.pid
+ '[' -d /opt/tmp/privoxy ]
+ '[' -d /opt/tmp/privoxy/conf ]
+ '[' -d /opt/tmp/privoxy/log ]
+ '[' -d /opt/tmp/privoxy/run ]
+ ARGS='--pidfile /opt/tmp/privoxy/run/privoxy.pid --user www /opt/tmp/privoxy/conf/config'
+ PREARGS=
+ DESC=privoxy
+ PATH=/opt/sbin:/opt/bin
+ . /opt/etc/init.d/rc.func
+ ACTION=stop
+ CALLER=
+ ansi_red='\033[1;31m'
+ ansi_white='\033[1;37m'
+ ansi_green='\033[1;32m'
+ ansi_yellow='\033[1;33m'
+ ansi_blue='\033[1;34m'
+ ansi_bell='\007'
+ ansi_blink='\033[5m'
+ ansi_std='\033[m'
+ ansi_rev='\033[7m'
+ ansi_ul='\033[4m'
+ check
+ echo -e -n '\033[1;37m Checking privoxy... '
 Checking privoxy... + pidof privoxy
+ '[' -n 28235 ]
+ echo -e ' \033[1;32m alive. \033[m'
 alive.
+ return 0
+ stop
+ echo -e -n '\033[1;37m Shutting down privoxy... \033[m'
 Shutting down privoxy... + killall privoxy
+ COUNTER=0
+ LIMIT=10
+ pidof privoxy
+ '[' -n -a 0 -le 10 ]
+ pidof privoxy
+ '[' -n ]
+ echo -e ' \033[1;32m done. \033[m'
 done.
+ return 0
+ '[' stop '=' stop ]
+ rm -rf /opt/tmp/privoxy
```

```
~ # cat /opt/etc/init.d/S24privoxy
#!/opt/bin/sh -x

USER="www"

ENABLED=yes
PROCS=privoxy
. /opt/etc/init.d/protector
ARGS="--pidfile $PIDFILE --user $USER $CONFDIR/config"
PREARGS=""
DESC=$PROCS
PATH=/opt/sbin:/opt/bin

. /opt/etc/init.d/rc.func

[ "$ACTION" = "stop" ] && rm -rf "$HOMEDIR"
~ # cat /opt/etc/init.d/protector
# test protector

protect() {
    local USER="$USER"
    local GROUP="$USER"

    HOMEDIR="/opt/tmp/$PROCS"
    CONFDIR="$HOMEDIR/conf"
    LOGDIR="$HOMEDIR/log"
    LOGFILE="$LOGDIR/$PROCS.log"
    PIDDIR="$HOMEDIR/run"
    PIDFILE="$PIDDIR/$PROCS.pid"

    [ -d "$HOMEDIR" ] || {
        mkdir -p "$HOMEDIR"
        chown "$USER":"$GROUP" "$HOMEDIR"
    }

    [ -d "$CONFDIR" ] || {
        mkdir -p "$CONFDIR"
        cp -R /opt/etc/"$PROCS"/* "$CONFDIR"/
        chown -R "$USER":"$GROUP" "$CONFDIR"
    }

    [ -d "$LOGDIR" ] || {
        mkdir -p "$LOGDIR"
        touch "$LOGFILE"
        chown -R "$USER":"$GROUP" "$LOGDIR"
        chmod 644 "$LOGFILE"
    }

    [ -d "$PIDDIR" ] || {
        mkdir -p "$PIDDIR"
        chown -R "$USER":"$GROUP" "$PIDDIR"
    }
}

protect
```

! Not a guide to action, but food for thought !

If it is provided for by configs (php-fpm, nginx, ...) or by flags (privoxy, ...), that is what should be used.
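Whichever variant from the posts above is used, the result can be checked the same way: the daemon's effective UID must not be 0, and its config, log and pid paths should be neither world-writable (the `chmod 666` shortcut) nor owned by another account. The following is an added example, not part of the original posts; the function names `proc_euid` and `audit_service` are made up here, and it assumes a Linux `/proc` and a `find` that supports `-perm` and `-user` (GNU and BusyBox both do).

```shell
#!/bin/sh
# Added example, not from the thread: verify that a service really runs
# de-privileged and that its files match the account it runs as.

# Print the effective UID of a PID from the "Uid:" line of /proc/PID/status
# (fields after the label: real, effective, saved, filesystem).
proc_euid() {
    awk '$1 == "Uid:" { print $3 }' "/proc/$1/status"
}

# audit_service PID PATH...
# Prints one finding per line and returns 0 only if there are none.
audit_service() {
    pid="$1"
    shift
    rc=0

    euid=$(proc_euid "$pid" 2>/dev/null) || euid=""
    if [ -z "$euid" ]; then
        echo "NOPROC pid=$pid"
        return 1
    fi
    if [ "$euid" -eq 0 ]; then
        echo "ROOT pid=$pid still has effective UID 0"
        rc=1
    fi

    for path in "$@"; do
        # Anything world-writable can be rewritten by every local account.
        ww=$(find "$path" ! -type l -perm -002 2>/dev/null) || true
        if [ -n "$ww" ]; then
            printf '%s\n' "$ww" | sed 's/^/WORLD_WRITABLE /'
            rc=1
        fi
        # Files owned by someone else show an incomplete chown of the tree.
        foreign=$(find "$path" ! -user "$euid" 2>/dev/null) || true
        if [ -n "$foreign" ]; then
            printf '%s\n' "$foreign" | sed 's/^/FOREIGN_OWNER /'
            rc=1
        fi
    done
    return "$rc"
}

# Example call for the layout created by the protector script (assumed PID
# source: the pidfile it defines):
#   audit_service "$(cat /opt/tmp/privoxy/run/privoxy.pid)" /opt/tmp/privoxy
```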
TheBB Posted February 13, 2023

```
~ # ls -1 /opt/lib/opkg/info/*.control | wc -l
751
```

"Achtung", 751 files, where did that many come from...

```
~ # cat /opt/etc/passwd-draft
root:$1$qIcnZlor$aUMGvS6VL7brlpSxLZO1y0:0:0:Root:/opt/root:/opt/bin/sh
nobody:*:65534:65534:user "nobody"::/opt/bin/nologin
~ # cat /opt/etc/group-draft
root:*:0:root
nobody:*:65534:nobody
```

Users and groups are a bit scarce for that many.

```
~ # time sh ./ug.sh
Adding a new ntp group with an ID 123
Adding a new ntp user with an ID 123
Adding a new domoticz group with an ID 6144
Adding a new domoticz user with an ID 6144
Adding a new git group with an ID 382
Adding a new git user with an ID 382
Adding a new icecast group with an ID 87
Adding a new icecast user with an ID 87
Adding a new mosquitto group with an ID 200
Adding a new mosquitto user with an ID 200
The mosquitto group already exists
The mosquitto user already exists
Adding a new mpd group with an ID 65536
Adding a new mpd user with an ID 65536
Adding a new sshd group with an ID 22
Adding a new sshd user with an ID 22
Adding a new pulse group with an ID 51
Adding a new pulse user with an ID 51
Adding a new transmission group with an ID 224
Adding a new transmission user with an ID 224
real 0m 1.22s
user 0m 0.71s
sys 0m 0.42s
```

Quick, though.

```
~ # cat /opt/etc/passwd-draft
root:$1$qIcnZlor$aUMGvS6VL7brlpSxLZO1y0:0:0:Root:/opt/root:/opt/bin/sh
nobody:*:65534:65534:user "nobody"::/opt/bin/nologin
ntp:x:123:123:user "ntp"::/opt/bin/false
domoticz:x:6144:6144:user "domoticz"::/opt/bin/false
git:x:382:382:user "git"::/opt/bin/false
icecast:x:87:87:user "icecast"::/opt/bin/false
mosquitto:x:200:200:user "mosquitto"::/opt/bin/false
mpd:x:65536:65536:user "mpd"::/opt/bin/false
sshd:x:22:22:user "sshd"::/opt/bin/false
pulse:x:51:51:user "pulse"::/opt/bin/false
transmission:x:224:224:user "transmission"::/opt/bin/false
~ # cat /opt/etc/group-draft
root:*:0:root
nobody:*:65534:nobody
ntp:x:123:
domoticz:x:6144:
git:x:382:
icecast:x:87:
mosquitto:x:200:
mpd:x:65536:
sshd:x:22:
pulse:x:51:
transmission:x:224:
```

There, that's more like it. And once more:

```
~ # time sh ./ug.sh
The ntp group already exists
The ntp user already exists
The domoticz group already exists
The domoticz user already exists
The git group already exists
The git user already exists
The icecast group already exists
The icecast user already exists
The mosquitto group already exists
The mosquitto user already exists
The mosquitto group already exists
The mosquitto user already exists
The mpd group already exists
The mpd user already exists
The sshd group already exists
The sshd user already exists
The pulse group already exists
The pulse user already exists
The transmission group already exists
The transmission user already exists
real 0m 1.08s
user 0m 0.65s
sys 0m 0.36s
```

It doesn't want any more...

The reinvented-wheel kludge:

~ # cat ug.sh

```sh
#!/bin/sh

### USERID:=${user-name}=${user-id}:${group-name}=${group-id}
### /opt/etc/group: ${group-name}:(group-password):${group-id}:${includes}
### /opt/etc/passwd: ${user-name}:(user-password):${user-id}:${group-id}:${user-description}:${user-home}:${user-shell}

### colors ###
ansi_std="\033[0m"
ansi_white="\033[1;37m"

### paths to files ###
FILE_GROUP="/opt/etc/group"
FILE_PASSWD="/opt/etc/passwd"

grep '^Require-User' /opt/lib/opkg/info/*.control | cut -d' ' -f2 | while IFS= read -r line
do
    ### group name
    grpname=$(echo "${line}" | cut -d: -f2 | cut -d= -f1)
    ### group id
    grpid=$(echo "${line}" | cut -d: -f2 | cut -d= -f2)
    ### user name
    usrname=$(echo "${line}" | cut -d: -f1 | cut -d= -f1)
    ### user id
    usrid=$(echo "${line}" | cut -d: -f1 | cut -d= -f2)

    ### if ${group-id} empty: take the first free ID from 65536 up
    if [ "$grpname" = "$grpid" ]; then
        gids=$(cut -d: -f3 "$FILE_GROUP")
        g_id=65536
        ### -x: compare whole IDs, so 65536 is not "taken" by 165536
        while echo "$gids" | grep -qx "$g_id"; do
            g_id=$((g_id + 1))
        done
        grpid=$g_id
    fi

    ### if ${user-id} empty: take the first free ID from 65536 up
    if [ "$usrname" = "$usrid" ]; then
        uids=$(cut -d: -f3 "$FILE_PASSWD")
        u_id=65536
        while echo "$uids" | grep -qx "$u_id"; do
            u_id=$((u_id + 1))
        done
        usrid=$u_id
    fi

    ### check/add group (match the name field only, not any substring)
    if grep -q "^$grpname:" "$FILE_GROUP"; then
        printf "\tThe $ansi_white%s$ansi_std group already exists\n" "$grpname"
    else
        printf "\tAdding a new $ansi_white%s$ansi_std group with an ID $ansi_white%s$ansi_std\n" "$grpname" "$grpid"
        echo "$grpname:x:$grpid:" >> "$FILE_GROUP"
    fi

    ### check/add user (match the name field only, not any substring)
    if grep -q "^$usrname:" "$FILE_PASSWD"; then
        printf "\tThe $ansi_white%s$ansi_std user already exists\n" "$usrname"
    else
        printf "\tAdding a new $ansi_white%s$ansi_std user with an ID $ansi_white%s$ansi_std\n" "$usrname" "$usrid"
        echo "$usrname:x:$usrid:$grpid:user \"$usrname\"::/opt/bin/false" >> "$FILE_PASSWD"
    fi
done
```
Meccep45 Posted May 17, 2023

I started it like this. I added sudo -u nobody -g nobody and granted permissions on the directories.

```
#!/bin/sh

ENABLED=yes
PROCS=redis-server
ARGS="/opt/etc/redis.conf"
PREARGS="sudo -u nobody -g nobody"
DESC=$PROCS
PATH=/opt/sbin:/opt/bin:/opt/usr/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin

. /opt/etc/init.d/rc.func
```