[Qemu-devel] Setting new user:group with -daemonize?

[Qemu-devel] Setting new user:group with -daemonize?

[David Barrett]

Is there any way to make the qemu process change users after daemonizing?

Basically, I want to start it as root so I can have it "-redir" with a 
low port (80), and then change to a non-root user after daemonizing.  Is 
there any way to do this currently?

Thankfully it opens the -redir port before forking, so it looks like a 
straightforward change to vc.c: basically adding a call to "setuid()" 
and "setgid()" after the call to "chdir()" on line 8711.

I'd update the -daemonize syntax as follows:

	-daemonize [user[:group]]

Is there any interest in such a patch?

-david

PS: Why does it fork twice?

Re: [Qemu-devel] Setting new user:group with -daemonize?

[Anthony Liguori]

David Barrett wrote:
> Is there any way to make the qemu process change users after daemonizing?
>
> Basically, I want to start it as root so I can have it "-redir" with a 
> low port (80), and then change to a non-root user after daemonizing.  
> Is there any way to do this currently?
>
> Thankfully it opens the -redir port before forking, so it looks like a 
> straightforward change to vc.c: basically adding a call to "setuid()" 
> and "setgid()" after the call to "chdir()" on line 8711.
>
> I'd update the -daemonize syntax as follows:
>
>     -daemonize [user[:group]]
>
> Is there any interest in such a patch?

If you introduced two new options to specify the user and the group.  
Also, I would be interested in a chroot option too :-)

> -david
>
> PS: Why does it fork twice?

It makes sure QEMU is an orphan process (it's parent is pid 1).  It's a 
pretty typical thing to do when daemonizing.

Regards,

Anthony Liguori

>
>

Re: [Qemu-devel] Setting new user:group with -daemonize?

[David Barrett]

Anthony Liguori wrote:
> David Barrett wrote:
>>
>> I'd update the -daemonize syntax as follows:
>>
>>     -daemonize [user[:group]]
>>
>> Is there any interest in such a patch?
> 
> If you introduced two new options to specify the user and the group.  

Ok, so you're saying you prefer two new options:

-user <user>
-group <group>

> Also, I would be interested in a chroot option too :-)

Adding the following also seems easy enough:

-chroot <path>

If I build it, any estimate of how long it'd take to make it into the 
next mainline release?

>> PS: Why does it fork twice?
> 
> It makes sure QEMU is an orphan process (it's parent is pid 1).  It's a 
> pretty typical thing to do when daemonizing.

Ah, very clever.

-david

Re: [Qemu-devel] Setting new user:group with -daemonize?

[Ian Jackson]

David Barrett writes ("Re: [Qemu-devel] Setting new user:group with -daemonize?"):
> Ok, so you're saying you prefer two new options:
> 
> -user <user>
> -group <group>

I agree that that would be sensible.  It should change user and group,
if these options are specified, even if it is not going to daemonise.

Ian.