Linux – Upstart: Run service as unprivileged user and pre-start script as root


I have following upstart job:

description "posty api"

start on mysql
stop on shutdown

env RACK_ENV=production

setuid vmail
setgid vmail

chdir /opt/posty_api

pre-start script
    mkdir -p /var/run/posty
    chown -R vmail:root /var/run/posty
end script

exec /usr/local/bin/unicorn -D -c /opt/posty_api/unicorn.rb --env production >> /var/log/posty/upstart.log 2>&1

post-stop exec kill `cat /var/run/posty/`

respawn limit 1 10

To create the folder in /var/run I need root privileges. How can I run some parts of the upstart job as root, and the service itself as unprivileged user?

Best Answer

upstart has no facility equivalent to systemd's PermissionsStartOnly setting. All processes in the job run as the user set via the setuid stanza, as the Cookbook says.

So do things the daemontools way.

Use setuidgid, setuidgid, s6-setuidgid, chpst, runuid, or setuidgid in the exec stanza:

exec \
setuidgid somebody \
unicorn -D -c /opt/posty_api/unicorn.rb --env production >> /var/log/posty/upstart.log 2>&1

That's a terrible logging mechanism, by the way. The daemontools way would have a proper, automatically cycled, rotateable-on-demand, size-capped, log using multilog, multilog, s6-log, svlogd, tinylog, or cyclog. upstart is tricky to integrate with those, however, given its expect mechanism.

expect fork
exec \
setuidgid somebody \
unicorn -D -c /opt/posty_api/unicorn.rb --env production 2>&1 | \
/usr/local/bin/chdir /var/log/ \
setuidgid log \
cyclog posty/unicorn/

(The chdir here is the chain-loading one from the nosh package, and isn't strictly necessary. But it makes things somewhat tidier.)