I have this upstart script that looks a bit like this:

```
setuid userA
setgid userB

script
    # ... bunch of stuff run as userA
end script

post-start script
    # ... command run as userA

    # ... the following command needs to be run as root
    setuid root                  # <---- this is not legal syntax
    service myservice restart    # <---- I need to run this as root
end script
```

So, I've gone through the documentation and found out that `setuid` doesn't work inside `post-start`, and userA is not in the sudoers list, so I can't just do `sudo service myservice restart`. In fact, in the most ideal situation, I should actually be running myservice as another user instead.

How do I go about this? I've been scratching my head without any solution for a whole day now.


As suggested by the answer, one way is to create another upstart job that runs when the previous upstart script runs. So instead of having `service myservice restart` in jobA, we create `/etc/init/myservice-hook.conf` and have it trigger when jobA is running (as per the answer).

On my side, I managed to solve the problem by removing both `setuid` and `setgid` so that the script runs as root, and then selectively putting `sudo -u userA <command>` inside the script. I'll use the answer provided instead because I think it has better isolation of concerns.

Ruben Tan
  • 123

1 Answer

One option is to create another job like so:

```
start on started jobA

task

exec service myservice restart
```

Then remove the `setuid root` bit and what was below it in the `post-start` script.

CameronNemo
  • 1,131
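
The split described in the answer above, written out as two complete job files. This is an added example, not code from the original posts; the file name `/etc/init/jobA.conf` and the two `/usr/local/bin/...` commands are hypothetical placeholders for the asker's real workload.

```conf
# ---- /etc/init/jobA.conf (assumed file name) ----
# Unprivileged job: every stanza below runs as userA with group userB.
setuid userA
setgid userB

script
    # hypothetical placeholder for the real workload
    exec /usr/local/bin/jobA-worker
end script

post-start script
    # hypothetical placeholder; still runs as userA.
    # Nothing in this job needs root any more.
    /usr/local/bin/jobA-post-start
end script


# ---- /etc/init/myservice-hook.conf ----
# Privileged hook: no setuid/setgid stanza, so a system job runs as root.
# Upstart emits "started jobA" only after jobA's post-start has finished,
# so the restart happens after the userA commands above have completed.
start on started jobA

# "task" marks a short-lived job that runs once to completion
# instead of being supervised as a long-running service.
task

# The only command that executes with root privileges.
exec service myservice restart
```

Keeping the root-only command in its own job means jobA never runs as root, unlike the alternative of dropping `setuid`/`setgid` and wrapping individual commands in `sudo -u userA`.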