how to run a command as a nologin user

hi,
i have created a user without any shell with /sbin/nologin
now inside root i have a directory where i can run mvn jett:run command .
but this runs the jetty process as root user.
how to make the user as the nologin user which i created.
if i enter bash shell with the nologin user and run the command i get some error relates to maven .m2 directory

what could be the way to run it with nologin user from inside a script ?

thanks
Rohit BajajAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

simon3270Commented:
Is the problem, assuming you are doing something like
   su other_user -c "mvn jett:run.."
that the other_user doesn't have a home directory?  If it doesn't, it can't find the usual $HOME/.m2 directory for maven settings.

You can specify at least the repository part of the .m2 directory on the command line:
   mvn -Dmaven.repo.local=/path/to/.m2/repository jett:run
(You may be able to specify others.)  Then you just set up a .m2 directory structure, owned by other_user, in the specified location, and and run the above command.
0
Rohit BajajAuthor Commented:
HI,
Although i am doing it another way.
If i try
su flocksnippet -c "mvn jetty:run"
i get the error :
This account is currently not available
dont know why this happens
If i do getent passwd flocksnippet i get :
flocksnippet:x:997:996::/home/flocksnippet:/sbin/nologin

What actually i was doing is :
#!/bin/bash
source /etc/init.d/functions
cd /opt/flock-snippets
daemon —user=flocksnippet “/bin/mvn -Dmaven.repo.local=/root/.m2/repository -X jetty:run” &

Open in new window


when i run this i see the error :
Reading global settings from /usr/share/maven/conf/settings.xml
Reading user settings from /home/flocksnippet/.m2/settings.xml
using local repository at /root/.m2/repository
[ERROR] Could not create local repository at /root/.m2/repository
org.apache.maven.repository.LocalREpositoryNotAccessibleException : Could not create local repository at /root/.m2/repository


For more information see :
https://cwiki.apache.org/confluence/display/MAVEN/LocalRepositoryNotAccessibleException

Open in new window

0
Rohit BajajAuthor Commented:
I tried givin su -s /bin/bash..

That no account error went but the other error could not create repo at /root/.m2/repository came back...
Although this repo is already there...
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

simon3270Commented:
It's easier if the user running the mvn command owns the .m2 direcotry structure - your command is trying to access one owned by root, so the flocksnippet user can't write to it.

Change the parameter to
   -Dmaven.repo.local=/home/flocksnippet/.m2/repository
0
simon3270Commented:
In fact, it looks as though it is already using /home/flocksnippet/.m2 (for settings.xml), so you probbaly don't need the -Dmaven.repo.local parameter at all.

What was the original error you were seeing?
0
Rohit BajajAuthor Commented:
Hi,
I found it out. This was a permissions issue
Although i changed the group for .m2 and repository folder to flocksnippet
But the root still had root access only.
So maven was not able to access the path /root/.m2/repository

want to know one thing
i used chgrp to change the group for a folder. But like for root/.m2/repository
I had to execute chgrp /root
chgrp /root/.m2
and chgrp /root/.m2/repository
Is there any way to do it in one go ?

Also as in my current case .m2 folder is placed inside /root
And any such nologin process which i create may need to access this and so
i need to give access to this folder. What i am doing currently is creating a group out of root, flocksnippet name it flocksnippet and assign this group to all the folders on the path.

Is this a good way to do ?
Should .m2 folder be placed somwhere else instead of root  ?
0
simon3270Commented:
You can use the -R option on chgrp to recursively go down a directory tree, so

    chgrp -R  flocksnippet /root/.m2

You don't need to change the group ownership of /root itself, you just have to allow "other" to read the directory, so "chmod 755 /root" would do it.

However, since you are running the maven program as the flocksnippet user, and flocksnippet has its own home directory, it would be better to use that home directory. Yiou *could* copy over the entire .m2 tree using:
    cd /root
    cp -R .m2 /home/flocksnippet
    chown -R flocksnippet /home/flocksnippet/.m2
then you can remove the flocksnippet group, and change /root back to being owned by the "root" group.

I wouldn't bother - just remove your -Dmaven.repo.local option and let it use the default location for the flocksnippet user, its home directory.  If you've edited /home/flocksnippet/.m2/settings.xml to point to /root/.m2, undo that change too.

If you have any other "nologin" users to run other tasks, they should have their own directories too.  It would be *possible* for all of them to share a single .m2 directory, but you would have to be very careful about permissions.  For example, if one user created a new file in the /m2 directory tree, they would own that file - that might mean that other nologin users cannot write to that file later on.  To make this work you would have to ensure that all such users had a umask value of no more that "002" (certainly not "022"), and that new files were created with the shared group as the file's group.  I still think it's more trouble than it's worth, unless you are worried about having multiple copies of the maven repository on the machine (with the extra disk space and network traffic that would cause).
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.