[tac_plus] Re: Installing tac_plus as a different user other than root??

Andy Saykao asaykao at gmail.com
Fri Nov 27 01:34:34 UTC 2009


Thanks for that piece of information Alan. Much appreciated.

As Alan has explained, here is a ps of my user tac-plus running the program.

root@tacacs-1:/var/log# ps aux | grep tac
tac-plus 10847  0.0  0.0   2316   544 pts/0    S    12:20   0:00 /tac-plus/bin/tac_plus -C /tac-plus/etc/tac_plus.cfg

Please be aware that if you want to run it as a different user other than
root AND also want to log in using the user's password in /etc/passwd, then
you will need to set the GID to "shadow". This will allow you to read the
/etc/passwd file.

# grep shadow /etc/group
shadow:x:42:

./configure --prefix /tac-plus --with-acctfile=/var/log/tac_acc.log \
  --with-logfile=/var/log/tac_plus.log --with-userid=1001 --with-groupid=42

Now when the program starts up it will show the uid=1001 (tac-plus user) and
the gid=42 (GID shadow).

# /tac-plus/bin/tac_plus -C /tac-plus/etc/tac_plus.cfg -t -g -d 128
Reading config
Version F4.0.4.19 Initialized 1
tac_plus server F4.0.4.19 starting
uid=1001 euid=1001 gid=42 egid=42 s=5

Thanks to this guy's useful post:

http://www.billyguthrie.com:8081/billyguthrie.com/projects/test/various-cisco-howtos-documents-and-notes/cisco-and-tacacs

Hope that helps newbies like me out there.

Cheers.

Andy

-----

On Wed, Nov 25, 2009 at 5:43 PM, Alan McKinnon <alan.mckinnon at gmail.com> wrote:

> On Wednesday 25 November 2009 04:45:31 Andy Saykao wrote:
> > Hi All,
> >
> > Is there a way to install the program as a different user other than root??
> > I'm installing this on Ubuntu Server 8.10.
> >
> > For example I've created a user called tac-plus with uid and gid of 1001.
> >
> > /etc/passwd:
> > tac-plus:x:1001:1001:TACACS+ User,,,:/home/tac-plus:/bin/bash
> >
> > /etc/group:
> > tac-plus:x:1001:
> >
> > I then configured it with the userid and groupid:
> >
> > ./configure --prefix /tac-plus --with-acctfile=/var/log/tac_acc.log \
> >   --with-logfile=/var/log/tac_plus.log --with-userid=1001 --with-groupid=1001
> >
> > But once the program was installed, the files and directories are all still
> > owned by root?
> >
> > root@tacacs-1:/tac-plus# ls -la
> > total 24
> > drwxr-xr-x  6 root root 4096 2009-11-25 12:14 .
> > drwxr-xr-x 21 root root 4096 2009-11-25 12:14 ..
> > drwxr-xr-x  2 root root 4096 2009-11-25 12:14 bin
> > drwxr-xr-x  2 root root 4096 2009-11-25 12:14 include
> > drwxr-xr-x  2 root root 4096 2009-11-25 12:14 lib
> > drwxr-xr-x  4 root root 4096 2009-11-25 12:14 share
> >
> > Any ideas how to install it as a different user?
>
> It is already correctly installed. The tac-plus user simply needs to read and
> execute the files, not own them or write to them.
>
> Check other daemons that drop privileges at runtime; those files are normally
> owned by root as well, as root is the only user that can write to system
> areas.
>
> tac-plus just needs to be able to write its pid file.
>
> --
> alan dot mckinnon at gmail dot com
>
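
The effect of the two --with-groupid values discussed in this thread, as an added example that is not part of the original posts or of tac_plus itself: it parses the uid/gid startup line shown above and applies the classic Unix owner/group/other rule to see what those IDs may do to a file. The function names are hypothetical, and the /etc/shadow row (owner root, group 42, mode 640) is an assumed Debian/Ubuntu-style layout; the /tac-plus/bin row comes from the ls listing in the thread.

```sh
#!/bin/sh
# Added example (not from the original post). Models plain mode bits only:
# supplementary groups, ACLs and capabilities are ignored.

# field NAME LINE: print the value of NAME=... from a "k=v k=v" line.
field() {
    for kv in $2; do
        case $kv in "$1="*) echo "${kv#*=}"; return 0 ;; esac
    done
    return 1
}

# dropped LINE: succeed only if real and effective uid are both non-root.
dropped() {
    [ "$(field uid "$1")" -ne 0 ] && [ "$(field euid "$1")" -ne 0 ]
}

# access EUID EGID OWNER GROUP MODE: print the rwx triple that applies.
# Exactly one class is used: owner, else group, else other.
access() {
    mode=$(( 0$5 ))                       # leading 0 => parsed as octal
    if   [ "$1" -eq "$3" ]; then bits=$(( (mode >> 6) & 7 ))
    elif [ "$2" -eq "$4" ]; then bits=$(( (mode >> 3) & 7 ))
    else                         bits=$(( mode & 7 ))
    fi
    out=
    for flag in 4:r 2:w 1:x; do
        if [ $(( bits & ${flag%:*} )) -ne 0 ]; then out=$out${flag#*:}
        else out=${out}-; fi
    done
    echo "$out"
}

# audit LINE: report what the IDs in a startup line can do to each file.
# File rows are "path owner group mode"; the /etc/shadow row is assumed.
audit() {
    euid=$(field euid "$1"); egid=$(field egid "$1")
    dropped "$1" || echo "WARNING: still running as root"
    while read -r path owner group fmode; do
        echo "$path $(access "$euid" "$egid" "$owner" "$group" "$fmode")"
    done <<EOF
/etc/shadow 0 42 640
/tac-plus/bin 0 0 755
EOF
}

audit 'uid=1001 euid=1001 gid=42 egid=42 s=5'      # line from the post
audit 'uid=1001 euid=1001 gid=1001 egid=1001 s=5'  # constructed: gid 1001
```

With gid 42 the daemon gets read-only access to the shadow file and read/execute on the root-owned install tree; with gid 1001 the shadow file is unreadable while the install tree is unaffected.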