I am not sure what you mean:

~> id -u
1000
~> /sbin/rc
usage: rc action daemon ...

e.g: rc list
rc help
rc start sshd gpm
~> /sbin/rc list
[STARTED][AUTO] alsa
[STOPPED][ ] avahi-daemon
[STOPPED][ ] avahi-dnsconfd
[STARTED][AUTO] cups
[STARTED][AUTO] dbus
[STARTED][AUTO] fcrond
...

The check for root privileges is only required for
starting / stoping a service.

If a normal user tries to start a service it does not work.
So the user rights should be checked before rc tries to start/stop/restart a service.

If the user does not have the required privileges rc should not try to execute the command,
echo something like "Error: You need to use sudo or to be root"
and exit.

eg:
[boenki ~]$ id -u
1000
[boenki ~]$ rc start dbus
:: Starting D-BUS system messagebus [BUSY]
Failed to start message bus: The pid file "/var/run/dbus.pid" exists, if the message bus is not running, remove this file
[FAIL]

Hmmm... It is not obvious what permissions are needed to start/stop a service (apart from the fact that we need write access to /run/daemons, but maybe this restriction could be lifted if we really wanted to), it really depends on the daemon.

I notified Seblu in case he sees a reasonable solution to this. At the moment I do not.

I don't really see the need either though, if you don't have the permissions it will be obvious enough... I'll close as won't implement unless someone proposes an elegant implementation.

rc.d scripts are meant to be used as root, so that one is easy.

BTW Tom, you can assign a bug to any bug tracker user, not only developers.

@brain0: if that's the policy, then that makes everything easy. Should be simple to implement. Patches welcome ;-)

I didn't manage to assign the bug to anyone not in the list... but I guess the notification has the same effect.

/sbin/rc.d is a wrapper around /etc/rc.d/* scripts.
If we want to disallow non-root users to "run" a rc.d script, we should _not_ implement this into /sbin/rc.d but in functions.
Otherwise rc.d start httpd and /etc/rc.d/http start will no longer be equivalent.

Thomas, when you say rc.d should be used as root. You could say the same of pacman. However, it is possible to have access to lots of pacman functions when you are not root.
And it's convenient.

There is no serious reason to refuse to list daemon status (rc.d list) when you are not root. Information is readable in /run by everyone. It's sugar display.

The biggest technical problem i see with a global/generic restriction on user it's about commands other than start / stop / restart / reload, which have a priori need to be root.
For example, some script have an status (eg: rc.d git-daemon status) or whatever, which can be called without being root. if we blocks in rc.d or in functions, we will lost some functionnalities.

I posted a patch on ML: http://mailman.archlinux.org/pipermail/arch-projects/2011-May/000884.html
that take in account all concerns presented in this report.

There were lots of good suggestion about how to solve this. I just merged Seblu's solution.