2

I have an Upstart job for a Node.js application, and I want to make it run Node as the node user rather than root. When I use setuid in the job config, whenever I try to start the job, it says my-app stop/waiting. However, if I omit setuid but use exec with sudo, it works as I expect.

I have created node as a system user. As far as I know, all of the relevant files and directories are accessible by that user. The version of Upstart I am using is 1.12.1.

Config with setuid:

script setuid node chdir /var/app/my-app exec nodejs server.js end script

versus the config with sudo:

script chdir /var/app/my-app exec sudo -u node nodejs server.js end script

What differences are there between Upstart's setuid behavior and sudo behavior that would make one fail and the other succeed?

Improve this question

1 Answer 1

Reset to default
3

The setuid stanza should not be in script block, it's global. This is probably the reason your job fails for.

Note that using setuid will make all job phases run as the user specified and there's no way to change it. If you want to run only a daemon as a different user, avoid sudo and go with start-stop-daemon instead. This is especially important with forking daemons. Check Ubuntu's Upstart Cookbook, chapter 11.43.2 for details.

Improve this answer
2

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.