Best practice to run Linux service as a different user

Question

Services default to starting as root at boot time on my RHEL box. If I recall correctly, the same is true for other Linux distros which use the init scripts in

Answer 1

• Some daemons (e.g. apache) do this by themselves by calling setuid()
• You could use the setuid-file flag to run the process as a different user.
• Of course, the solution you mentioned works as well.

If you intend to write your own daemon, then I recommend calling setuid(). This way, your process can

1. Make use of its root privileges (e.g. open log files, create pid files).
2. Drop its root privileges at a certain point during startup.