Starting python script as 'user' on boot - maemo.org

pooze | # 1 | 2013-04-26, 12:28 | Report

Hello.

I'm struggling a bit with starting a python script at boot as 'user'. I found out that there should be a configuration file in /etc/init/apps, which I made.

Code:

description "My PowerOn Script"
author "xxx"
stop on stopping xsession
console none
nice 2
exec /usr/bin/aegis-exec -s -u user /bin/sh -c "python /home/user/bin/poweron.py"

.. but when I look at the process once it has started, it is run as 'nobody'. The other processes started from config files in the same directly look similar and seem to be started as 'user', but for my script it seems to ignore my request.

I also tried

Code:

exec /usr/bin/aegis-exec -s -u user -l /home/user/bin/poweron.py

with the same result. I did try to chmod +s on the script itself (it has a hash-bang for python in the header), which is something root apparently can't do (??)

Code:

/home/user/bin # id
uid=0(root) gid=0(root) groups=0(root),4(adm),20(dialout),44(video),670(pulse-access)
/home/user/bin # chmod +s poweron.py 
chmod: poweron.py: Operation not permitted
/home/user/bin # exit
~/bin $ id
uid=29999(user) gid=30024(developer) groups=0(root),20(dialout),44(video),670(pulse-access),29999(users),30011(metadata-users),30014(calendar),30023(gallerycoredata-users),9990210,9990252,9990253,9990254,9990255,9990256,9990288,9990289,9990349,9990402,9990403,9990430,9990588
~/bin $ chmod +s poweron.py 
~/bin $ ls -l poweron.py 
-rwsr-sr-x    1 user     develope      2548 Apr 23 08:36 poweron.py

.. which strikes me as very weird. However, it also ignores that bit.

Then I though, "Hey, let's just start it as root and setuid() our way to the normal user id."

Code:

~ # python
Python 2.6.6 (r266:84292, Mar 11 2011, 01:19:30) 
[GCC 4.4.1] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import pwd, grp, os
>>> os.getuid()
0
>>> uid = pwd.getpwnam('user').pw_uid
>>> uid
29999
>>> os.setuid(uid)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OSError: [Errno 1] Operation not permitted

Well, that was a no-go. (Works as expected on my ubuntu machine).

Oh, and apparently root can't kill the processes started by nobody either.

Code:

/etc/init/apps # ps afx | grep power
 2708 nobody   /bin/sh -c python /home/user/bin/poweron.py
 2710 nobody   python /home/user/bin/poweron.py
 2916 root     grep power
/etc/init/apps # kill 2708 2710
sh: can't kill pid 2708: Operation not permitted
sh: can't kill pid 2710: Operation not permitted
/etc/init/apps # kill -9 2708 2710
sh: can't kill pid 2708: Operation not permitted
sh: can't kill pid 2710: Operation not permitted
/etc/init/apps # id
uid=0(root) gid=0(root) groups=0(root),4(adm),20(dialout),44(video),670(pulse-access)
/etc/init/apps # devel-su nobody
su: can't chdir to home directory '/nonexistent'


BusyBox v1.20.0.git (MeeGo 3:1.20-0.2+0m8) built-in shell (ash)
Enter 'help' for a list of built-in commands.

/ $ kill 2708 2710
/ $

Then I went the devel-su direction. Couldn't find which options it would take:

Code:

~ # devel-su --help
Usage: su [OPTIONS] [-] [USER]

so I went to the ubuntu machine to find the -c option for 'su' for running a command as that user. I tried that and finally got it working by using the line:

Code:

exec devel-su -c "python /home/user/bin/poweron.py" - user

in the /etc/init/apps/poweron.conf file. Somehow I have the feeling that I have done something wrong here. Several times over. Could someone try to enlightenme a bit on the behaviour that at least to me strikes me as a bit odd?

juiceme | # 2 | 2013-04-26, 19:54 | Report

Well yes, that's aegis for you

You seem to be running your device in closed mode, and so a lot of normal unix operations like certain mode changes, process access modifications etc. are forbidden even when you are running as root as long as you do not have the correct access tokens

There are 3 possible solutions;

flash an open mode kernel (that's my favourite solution)
use inception to go around the limitations
have your application installer approved by Nokia so you get the access tokens

The Following User Says Thank You to juiceme For This Useful Post:
pooze

pooze | # 3 | 2013-05-02, 15:47 | Report

Thanks, I'll have a look at flashing the open mode kernel then.