No option to have JavaServer run as a user with a login shell

[timperrett]

Hey guys,

Turns out the user that runs the service (daemonUser in Linux) does not have a login shell. This is often very important if you wish to read environmental variables etc, otherwise its not possible. I have the following fix in a fork, but its clearly not very general and suggest a better solution in the mainline as im sure this is a feature wanted by many:

useradd --shell /bin/bash --gid ${{daemon_group}} --no-create-home --system -c '${{descr}}' ${{daemon_user}}

Thanks, Tim

[muuki88]

I think a simple setting daemonUserShell := "/bin/false" should be sufficient enough. You can then override on your own risk. @kardapoltsev , what do you say as our security expert :)

[kardapoltsev]

The same:

You can then override on your own risk

[timperrett]

Interestingly, my previously posted solution doesnt appear to be an entire solution. Using runuser -l also doesnt seem to help - i need the daemonUser to be able to read the env, but nothing i do seems to help. Suggestions?