WebFaction

Is there a simple way of running a custom application as a different user than the default user? For security reasons one might not want the application to run as the main SSH user as it gives the application full access to your files.

sudo doesn't work, as one cannot specify the password for the user you want to run the app as.

asked 07 May '11, 08:22

Torep
112
accept rate: 0%


You can run applications as the user you are logged in with, but there is no easy way to run code as a sub-user while you are logged in with your main SSH user.


answered 07 May '11, 08:43

tie
1.4k13
accept rate: 44%

Found a workaround using SSH to start apps as another user:

Make a user (with shell access) for your scripts, i.e. nonprivuser, via the WebFaction CP
Log in as your mainuser
If the folder .ssh doesn't exist, create it: mkdir -m 0700 .ssh
ssh-keygen -t rsa (accept default file name, use empty passphrase)
ssh nonprivuser@localhost 'mkdir -m 0700 .ssh'
cat ~/.ssh/id_rsa.pub | ssh nonprivuser@localhost 'cat >> .ssh/authorized_keys'
ssh nonprivuser@localhost 'chmod 0640 .ssh/authorized_keys && ln -s authorized_keys .ssh/authorized_keys2'

Now you can run commands as nonprivuser by
ssh nonprivuser@localhost mycommand
As nonprivuser I made a script to start my custom application (jetty) and then call this script via ssh.

To store the jetty files under my main user's home directory, I then gave jetty access to a folder in my home dir to store jetty:
chmod a+x ~ (needed to cd into subfolder of /home/mainuser)
mkdir -m 0770 jetty
chgrp nonprivuser jetty (change group of file to group of nonprivuser, that is automatically given a group with the user name, main user will automatically be member of this group).

Done! Nonprivuser can now do java -jar /home/mainuser/jetty/jetty.jar
Then you just make a script as nonprivuser to start the custom application and call this from the main user (or list it as the start script in your custom application).

It is a bit complicated though, I welcome an easier method...


answered 07 May '11, 08:49

Torep
112
accept rate: 0%

edited 07 May '11, 12:27
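
A hardening check for the workaround above, as an added example that is not part of the original answer. It audits the account that receives the passphrase-less key for group/other-writable SSH files (which sshd's StrictModes rejects) and for keys that are not pinned to a forced command; the start-script path passed to restricted_entry is a hypothetical name.

```shell
#!/bin/sh
# Added example, not from the original answer. Source it, then run e.g.
#   audit_home /home/nonprivuser

# Build an authorized_keys line that pins a key to one forced command, so
# "ssh nonprivuser@localhost anything" can only ever run that command.
# $1 = command to force (hypothetical start script), $2 = public key line
restricted_entry() {
    printf 'command="%s",no-port-forwarding,no-agent-forwarding,no-X11-forwarding,no-pty %s\n' "$1" "$2"
}

# Succeed only if $1 exists and neither group nor others can write to it.
not_group_other_writable() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c1-10)
    [ -n "$perms" ] || return 1
    case $perms in
        ?????w*|????????w*) return 1 ;;   # group-write or other-write bit set
    esac
    return 0
}

# Print how many key lines in file $1 carry no forced command, i.e. keys
# that give the holder of the private key a full shell on the account.
unrestricted_keys() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" | grep -c -v 'command="' || true
}

# Audit one home directory: prints findings and returns their count.
audit_home() {
    home=$1
    findings=0
    for p in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if ! not_group_other_writable "$p"; then
            echo "FAIL: $p is missing or writable by group/others"
            findings=$((findings + 1))
        fi
    done
    if [ -f "$home/.ssh/authorized_keys" ]; then
        n=$(unrestricted_keys "$home/.ssh/authorized_keys")
        if [ "$n" -gt 0 ]; then
            echo "WARN: $n key(s) without a forced command"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}
```
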

question asked: 07 May '11, 08:22

question was seen: 3,234 times

last updated: 07 May '11, 12:27

© COPYRIGHT 2003-2020 SWARMA LIMITED - WEBFACTION IS A SERVICE OF SWARMA LIMITED
REGISTERED IN ENGLAND AND WALES 5729350 - VAT REGISTRATION NUMBER 877397162
5TH FLOOR, THE OLD VINYL FACTORY, HAYES, UB3 1HA, UNITED KINGDOM