Re^4: How to run a perl script under "nobody" user?

What I really want is the script can run under "nobody" user like the Apache way.

We usually start apache like this:

sudo /usr/local/apache2/bin/apachectl start
[download]

then, when we `ps aux | grep apache`, we can find that apache's user id is "nobody":

root      1102  0.3  0.2   5972  2368 ?        Ss   18:35   0:00 /usr/
+local/apache2/bin/httpd -k start
root      1103  0.0  0.0   1620   300 ?        S    18:35   0:00 /usr/
+bin/cronolog /usr/local/apache2/logs/access_%Y-%m-%d-%H-%M.log
nobody     1109  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
nobody     1110  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
nobody     1111  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
nobody     1112  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
nobody     1113  0.0  0.1   5972  1496 ?        S    18:35   0:00 /usr
+/local/apache2/bin/httpd -k start
[download]

How can I make my perl script like this?

Comment on Re^4: How to run a perl script under "nobody" user? Select or Download Code

Replies are listed 'Best First'.
Re^5: How to run a perl script under "nobody" user? by JavaFan (Canon) on Nov 19, 2008 at 10:54 UTC
What I really want is the script can run under "nobody" user like the Apache way That requires root access. Apache starts as root, and then forks (repeatedly). The children then drop their privileges. For Perl processes to drop their privileges, assign to $<, $>, $( and $). Or use POSIX::setuid/POSIX::setgid. But from your OP, I don't see why you want to do it the "Apache way" and why su(do) won't do. Note that you'll need root access at some stage to set up permissions that allows you to run processes as a different user. Another option is to install the program owned by nobody, and use file (or acl) permissions to run it setuid.	[reply]
Re^5: How to run a perl script under "nobody" user? by moritz (Cardinal) on Nov 19, 2008 at 10:46 UTC
With sudo. Afaict Apache does it differently, it starts as root and then drops privileges. That's better in Apache's case (because it has to set up log files in the parent process, for example, and it can't do that as user nobody), but for a simple perl script it's much easier to use an external program, be it sudo or su.	[reply]
Re^5: How to run a perl script under "nobody" user? by MidLifeXis (Monsignor) on Nov 19, 2008 at 14:58 UTC
One other thing that root is needed for is binding to port 80 (<1024). But, as was said above, this is no longer a Perl issue. --MidLifeXis	[reply]