1

A separate user has been created whose purpose is to execute a script that keeps a particular process running constantly on my server.

This process needs to run at a higher priority requiring it to be executed via the 'nice' command.

The issue is that executing 'nice' requires elevated privileges to run and for security purposes this process that is kept running needs not to gain these elevated permissions when we use 'nice'.

How can I give my user the ability to execute 'nice' without making him 'sudo' it? If that's not an option, How can I 'sudo nice' without the program executed through 'nice' gaining elevated permissions this way?

I would prefer just allowing the user access to 'nice'

KKlouzal
  • 113
  • Set the default priority for that use in /etc/security/limits.conf: http://unix.stackexchange.com/a/8987/70524 – muru Mar 08 '16 at 22:58
  • Is there a way to do it for a particular program system wide instead of everything executed by that user? – KKlouzal Mar 08 '16 at 23:07
  • Not that way. You could write a wrapper script that runs sudo nice and use http://askubuntu.com/q/159007/158442 – muru Mar 08 '16 at 23:10

1 Answers1

0

I would suggest to use the sudo command:

sudo nice -n $priority sudo -u $user $command

By using this command the command will run with the rights of the user account.

muru
  • 197,895
  • 55
  • 485
  • 740
LeTeX
  • 16
  • 1
    This works and It does directly solve the issue at hand. I find it hard to believe that there is no way to just give my user rights to execute 'nice' – KKlouzal Mar 08 '16 at 23:22
  • @KKlouzal To change from the defaults you have to define the limits in the configurations. If you can't then you need super user to set the niceness accordingly because it's a kernel level priority change which can't be done by standard users... there's no way around that... but his command does "solve" the problem via a workaround they did here. – Thomas Ward Mar 09 '16 at 02:03