[Mono-list] Running mono-service in linux as non-root

Edward Ned Harvey (mono) edward.harvey.mono at clevertrove.com
Tue Dec 2 11:46:03 UTC 2014


> From: mono-list-bounces at lists.ximian.com [mailto:mono-list-
> bounces at lists.ximian.com] On Behalf Of alexc
> 
> X, no servers except ssh, only relevant software).  I created an
> `/etc/init.d` script

There's a much easier/better way.  Just make your application a console application (or a Windows application with no windows - for example, create a class library and then change its compile-type to "Executable", and give exactly one class a "static void Main (string[] args)" method).

This is for upstart - I'm pretty sure it's a good idea to figure out how to do the exact same thing with systemd - But this works for all modern linux OS variants I've tried -

Create a file  

cat > /etc/init/servicename.conf << EOF
description     "My Service"
author          "My Company, Inc. <support at mycompany.com>"

# "started network" is rhel/centos terminology
# "net-device-up" is debian/ubuntu terminology
# By putting them both here, /etc/init/synctuary.conf can be identical, and compatible on either platform
start on runlevel [2345] and ( started network or net-device-up )
stop on runlevel [016]

exec /usr/bin/mono /usr/local/bin/myservice.exe
EOF

Then you can start/stop it with "initctl start servicename" etc.

You can make it manual if you want.
echo "manual" > /etc/init/servicename.override


> For security reasons, I need to be able to run the service as non-root.  I
> created a new user and made it owner of the directories where the
> application writes its log files and added it to various groups to give it
> access to required device files.  Then, root would start the application as

Normally what you would do is to start as root, and then drop privilege.  This is because generally speaking, daemons require access to things that only root can access - for example, bind to port 80 or 443, etc.  You can drop privilege with 

Mono.Unix.Native.Syscall.setuid and Mono.Unix.Native.Syscall.setgid


> but then, when I kill the service (i.e. send SIGTERM to the `mono` process),
> it stops the .net application immediately without allowing it to execute the
> `finally` block.

Have a look at "Can I use signal handlers with Mono?" 
http://www.mono-project.com/docs/faq/technical/


> **Finally, my question** is whether someone has an idea why `mono-
> service`
> is failing when not started as root.

I'm surprised you got it to run at all - I've never gotten mono-service to work at all.  I have found that all the stuff I wrote above makes everything very easy and reliable.
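
The start-as-root-then-drop-privilege pattern from the reply above, combined with a SIGTERM wait so the finally block runs, as an added example that is not part of the original post or of Mono's own code. The account name "myservice", port 443 and the class name are assumptions; the example reduces supplementary groups to the account's primary group.

```csharp
// Added example. Build (file name is an assumption): mcs -r:Mono.Posix.dll myservice.cs
using System;
using System.Net;
using System.Net.Sockets;
using Mono.Unix;
using Mono.Unix.Native;

static class MyService
{
    const string RunAs = "myservice";   // hypothetical unprivileged account

    static void DropPrivileges(string user)
    {
        Passwd pw = Syscall.getpwnam(user);
        if (pw == null)
            throw new InvalidOperationException("no such user: " + user);
        // Order matters: groups first, uid last. After setuid() the process
        // can no longer change its groups. Extra gids the service needs
        // (e.g. for device files) would be listed in the setgroups() array.
        UnixMarshal.ThrowExceptionForLastErrorIf(Syscall.setgroups(new uint[] { pw.pw_gid }));
        UnixMarshal.ThrowExceptionForLastErrorIf(Syscall.setgid(pw.pw_gid));
        UnixMarshal.ThrowExceptionForLastErrorIf(Syscall.setuid(pw.pw_uid));
        // Verify the drop is irreversible: regaining uid 0 must fail.
        if (pw.pw_uid != 0 && Syscall.setuid(0) == 0)
            throw new InvalidOperationException("privilege drop did not stick");
    }

    static int Main(string[] args)
    {
        // 1. Do the root-only work first (here: bind a port below 1024).
        var listener = new TcpListener(IPAddress.Any, 443);
        listener.Start();
        try
        {
            // 2. Give up root before handling any input.
            if (Syscall.geteuid() == 0)
                DropPrivileges(RunAs);
            // 3. Block until "initctl stop" delivers SIGTERM, then fall
            //    through to the finally block for an orderly shutdown.
            var signals = new[] { new UnixSignal(Signum.SIGTERM), new UnixSignal(Signum.SIGINT) };
            UnixSignal.WaitAny(signals);
            return 0;
        }
        finally
        {
            listener.Stop();
        }
    }
}
```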

