I'm building a service to be deployed to a clean VM. There are things that need to be done by root (e.g. installing stuff) and other things that need to be done by the non-privileged user that will be running the service (e.g. configuration). These are the ways I've come up with for the setup script:
- Single file, assume a non-privileged user: either preface each command needing root with
sudoor have all the root stuff done in asudo su ... logoutblock. If I need tosudomore than once the script may block awaiting input depending on how long the previous commands took. - Single file, assume root privileges: this will need a
su <someuser>to do stuff that shouldn't be done by root. <someuser> will have to be hardcoded but that's not a problem as long as I create said user first. - Separate files run with different privileges.
I'm leaning towards (2), AFAICT it's what most existing systems (apt-get, rpm, etc) do. Am I missing any sensible options? Am I not seeing some consequence of the three ways I've listed? I'm not looking to learn a configuration management tool such as Puppet or Chef at the moment.
[link] [comments]