Best practice to run Linux service as a different user

Question

Services default to starting as root at boot time on my RHEL box. If I recall correctly, the same is true for other Linux distros which use the init scripts in

Answer 1

Some things to watch out for:

• As you mentioned, su will prompt for a password if you are already the target user
• Similarly, setuid(2) will fail if you are already the target user (on some OSs)
• setuid(2) does not install privileges or resource controls defined in /etc/limits.conf (Linux) or /etc/user_attr (Solaris)
• If you go the setgid(2)/setuid(2) route, don't forget to call initgroups(3) -- more on this here

I generally use /sbin/su to switch to the appropriate user before starting daemons.