runas(8) program to run daemons as non priviledge users

SYNOPSIS

runas [-c directorio] [uid] [gid] [umask] [program] [[options]]

DESCRIPTION

runas is a small program that allows administrators a generic way to run daemons as non privileged users.
 

runas is equivalent to using su but it strips off the environment and does not require the target user's shell to be legitimate (that is, listed under /etc/shells)

The main reason of using runas is to avoid having daemons run as the root user, in some cases this might be necessary (like login programs, such as ssh or telnetd that need to switch to the user making the connection) but in many cases it might not be necessary at all. It can be also a good replacement for su, since it prevents attacks to daemons through the use of environment variables. Just change (in your initialisation scripts under /etc/init.d) the line:
 

su - daemon -c /usr/bin/blah
 

to:

runas daemon daemongroup /usr/bin/blah
 

OPTIONS

This program just takes two command line options:

-?
Show summary of options.
-cdirectory
Chroot the daemon to a specific directory before execution.

AUTHOR

This manual page was written by Javier Fernandez-Sanguino Pen~a <[email protected]> for the Debian system (but may be used by others). Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 any later version published by the Free Software Foundation.
 

On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL.