I want to run several services/daemons on my router. By default, some of them run as root. I am not ok with this.
-
Some services have the option to change their user when they start. Mosquitto for example. This is easy. No help needed here.
-
But some services don't have the option to drop privileges when they start. They must be started directly as a normal user. How do I change the startup scripts to run them as normal users? Is there a universal method that can be used for any startup script?
-
How do I allow services started as normal users to create logs in /var/log/ directory? This directory is not persistent. Changing the owner of an existing log file won't survive after reboot. Is it possible to touch and chown a file before services are started?
-
How do I allow services to create pid files in /var/run ?
-
How do I change permissions to /dev devices to allow access from non-root services?
Thank you!