Quoting Benjamin Kaduk <ka...@mit.edu>:

> On Fri, 26 Sep 2014, Jaap Winius wrote:
>
>> Are you suggesting that I alter the /etc/init.d/ script that starts
>> up the daemon in question, ...
>
> That's the general idea, yes. ...

Okay, I figured it out. I altered /etc/init.d/zz by adding the following line to the do_start function just before the zz daemon is started up:

  start-stop-daemon --start --pidfile /run/zz/k5start-zz.pid \
    --chuid $USER:$GROUP --exec /usr/bin/k5start -- \
    -b -p /run/zz/k5start-zz.pid \
    -K 10 -l 24h -k /tmp/krb5cc_107 -o zz \
    -L -t -U -f /etc/krb5-zz.keytab

The trick was to add the --chuid option so that k5start is run with the UID/GID of the zz daemon; otherwise k5start will run aklog as root and the desired AFS token will not be created (Dirk was correct). In addition, I created the /run/zz/ directory, owned by the zz user, so that k5start would be allowed to save the PID file there.

And in case anyone might be wondering, this is what I added to the do_stop function in /etc/init.d/zz after the zz daemon is stopped:

  /usr/bin/sudo -u zz /usr/bin/unlog
  /usr/bin/sudo -u zz /usr/bin/kdestroy
  start-stop-daemon --stop --pidfile /run/zz/k5start-zz.pid

Thanks!

Jaap
_______________________________________________
OpenAFS-info mailing list
OpenAFS-info@openafs.org
https://lists.openafs.org/mailman/listinfo/openafs-info
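
A preflight check for the setup in the message above, as an added example that is not part of the original post: because k5start runs under the daemon's UID via --chuid, the keytab and the PID directory must belong to that user and stay closed to everyone else. The helper name `check_k5start_prereqs` is hypothetical, and the sketch assumes GNU stat and a keytab owned by the service user with no group/other access.

```shell
# Added example, not from the original post. Hypothetical helper; assumes
# GNU stat (as on Debian). Prints one line per problem, returns 0 if clean.
# Usage in do_start, before k5start is launched:
#   check_k5start_prereqs zz /etc/krb5-zz.keytab /run/zz || return 2
check_k5start_prereqs() {
    svc_user=$1; keytab=$2; rundir=$3; rc=0
    # Accept a user name or a numeric UID.
    want_uid=$(id -u "$svc_user" 2>/dev/null) || want_uid=$svc_user

    # The keytab is the service's long-term key. k5start reads it as the
    # service user, so that user must own it and nobody else may access it.
    # A symlink is refused so the path cannot be redirected elsewhere.
    if [ -L "$keytab" ] || [ ! -f "$keytab" ]; then
        echo "keytab $keytab: missing, or not a regular file"; rc=1
    else
        [ "$(stat -c %u "$keytab")" = "$want_uid" ] ||
            { echo "keytab $keytab: not owned by $svc_user"; rc=1; }
        mode=$(stat -c %a "$keytab")
        [ $(( 0$mode & 077 )) -eq 0 ] ||
            { echo "keytab $keytab: mode $mode allows group/other access"; rc=1; }
    fi

    # The PID directory must be writable by the service user only; otherwise
    # another account could plant a PID file that start-stop-daemon --stop
    # would later act on as root.
    if [ -L "$rundir" ] || [ ! -d "$rundir" ]; then
        echo "rundir $rundir: missing, or not a real directory"; rc=1
    else
        [ "$(stat -c %u "$rundir")" = "$want_uid" ] ||
            { echo "rundir $rundir: not owned by $svc_user"; rc=1; }
        mode=$(stat -c %a "$rundir")
        [ $(( 0$mode & 022 )) -eq 0 ] ||
            { echo "rundir $rundir: mode $mode is group/other writable"; rc=1; }
    fi
    return $rc
}
```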
