Thanks for that piece of information Alan. Much appreciated.<br><br>As Alan has explained, here is a ps of my user tac-plus running the program.<br><br>
root@tacacs-1:/var/log# ps aux | grep tac<br>
tac-plus 10847 0.0 0.0 2316 544 pts/0 S 12:20 0:00 /tac-plus/bin/tac_plus -C /tac-plus/etc/tac_plus.cfg<br><br>Please be aware that if you want to run it as a different user other than root AND also want to login by using the user's password in /etc/passwd then you will need to set GID to "shadow". This will allow you to read the /etc/passwd file.<br>
<br># grep shadow /etc/group<br>shadow:x:42:<br><br>./configure --prefix /tac-plus --with-acctfile=/var/log/tac_acc.log --with-logfile=/var/log/tac_plus.log --with-userid=1001 --with-groupid=42<br><br>Now when the program starts up it will show the uid=1001 (tac-plus user) and the gid=42 (GID shadow).<br>
<br># /tac-plus/bin/tac_plus -C /tac-plus/etc/tac_plus.cfg -t -g -d 128<br>Reading config<br>Version F4.0.4.19 Initialized 1<br>tac_plus server F4.0.4.19 starting<br>uid=1001 euid=1001 gid=42 egid=42 s=5<br><br>Thanks to this guy's useful post:<br>
<br><a href="http://www.billyguthrie.com:8081/billyguthrie.com/projects/test/various-cisco-howtos-documents-and-notes/cisco-and-tacacs">http://www.billyguthrie.com:8081/billyguthrie.com/projects/test/various-cisco-howtos-documents-and-notes/cisco-and-tacacs</a><br>
<br>Hope that helps newbies like me out there.<br><br>Cheers.<br><br>Andy<br><br>-----<br><br><div class="gmail_quote">On Wed, Nov 25, 2009 at 5:43 PM, Alan McKinnon <span dir="ltr"><<a href="mailto:alan.mckinnon@gmail.com">alan.mckinnon@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><div><div></div><div class="h5">On Wednesday 25 November 2009 04:45:31 Andy Saykao wrote:<br>
> Hi All,<br>
><br>
> Is there a way to install the program as a different user other than root??<br>
> I'm installing this on Ubuntu Server 8.10.<br>
><br>
> For example I've created a user called tac-plus with uid and gid of 1001.<br>
><br>
> /etc/passwd:<br>
> tac-plus:x:1001:1001:TACACS+ User,,,:/home/tac-plus:/bin/bash<br>
><br>
> /etc/group:<br>
> tac-plus:x:1001:<br>
><br>
> I then configured it with the userid and groupid:<br>
><br>
> ./configure --prefix /tac-plus --with-acctfile=/var/log/tac_acc.log<br>
> --with-logfile=/var/log/tac_plus.log --with-userid=1001 --with-groupid=1001<br>
><br>
> But once the program was installed, the files and directories are all still<br>
> own by root?<br>
><br>
> root@tacacs-1:/tac-plus# ls -la<br>
> total 24<br>
> drwxr-xr-x 6 root root 4096 2009-11-25 12:14 .<br>
> drwxr-xr-x 21 root root 4096 2009-11-25 12:14 ..<br>
> drwxr-xr-x 2 root root 4096 2009-11-25 12:14 bin<br>
> drwxr-xr-x 2 root root 4096 2009-11-25 12:14 include<br>
> drwxr-xr-x 2 root root 4096 2009-11-25 12:14 lib<br>
> drwxr-xr-x 4 root root 4096 2009-11-25 12:14 share<br>
><br>
> Any ideas how to install it as a different user?<br>
<br>
</div></div>It is already correctly installed. The tac-plus user simply needs to read and<br>
execute the files, not own them or write to them.<br>
<br>
Check other daemons that drop privileges at runtime, those files are normally<br>
owned by root as well as root is the only user that can write to system areas.<br>
<br>
tac-plus just needs to be able to write it's pid file<br>
<font color="#888888"><br>
--<br>
alan dot mckinnon at gmail dot com<br>
</font><div><div></div><div class="h5">_______________________________________________<br>
tac_plus mailing list<br>
<a href="mailto:tac_plus@shrubbery.net">tac_plus@shrubbery.net</a><br>
<a href="http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus" target="_blank">http://www.shrubbery.net/mailman/listinfo.cgi/tac_plus</a><br>
</div></div></blockquote></div><br>