Scenario / Questions


touch: cannot touch `/var/run/’: Permission denied

I am starting start-stop-daemon and like to write the PID file in /var/run
start-stop-daemon is run as my-program-user

/var/run setting is drwxr-xr-x 9 root root

I like to avoid putting my-program-user in the root group.

Find below all possible solutions or suggestions for the above questions..

Suggestion: 1

By default, you can only write to /var/run as a user with an effective user ID of 0 (ie as root). This is for good reasons, so whatever you do, don’t go and change the permissions of /var/run… Instead, as root, create a directory under /var/run:

# mkdir /var/run/mydaemon

Then change its ownership to the user/group under which you wish to run your process:

# chown myuser:myuser /var/run/mydaemon

Now specify to use /var/run/mydaemon rather than /var/run.

You can always test this by running a test as the user in question.

Suggestion: 2
mkdir /var/run/mydaemon
chown myuser:myuser /var/run/mydaemon

this will not work, since it will be lost at the next reboot (/var/run is a tmpfs on Ubuntu).

The only feasible solution is to run mkdir and chmod as part of the startup scripts.

Suggestion: 3

You can try this. Create a directory /var/run/test/ and then change the permission of this directory to the same user as your program runs. ” chown /var/run/test/” . Now in your application change the location of the PID file to /var/run/test/ This should get things working for you.

Suggestion: 4

What about using the “sticky” bit on /var/run ?

chmod +t /var/run ?

Probably mess up some other apps, but it seems like it would be another solution.

I’ll stick with creating a separate /var/run folder for now, however.

Suggestion: 5

Entries in the /etc/permissions are permanent. Make an entry there to make the ownership and permissions for a directory permanent.

Suggestion: 6

To avoid putting your program-user in the root group, allow others write access:

# chmod 757