1) Install daemontools.
2) Add a svuserl user+group for logging.
adduser --system --home /nonexistant --shell /bin/false --no-create-home --disabled-password --disabled-login --gecos svuserl svuserl
3) Setup the parent svscan to be supervised for this user. (I put all my svscan dirs in /etc/sv instead of /etc for sanity)
mkdir -p /etc/sv/svuser-jdoe/env
echo 52428800 > /etc/sv/svuser-jdoe/env/MEMORYLIMIT
echo jdoe > /etc/sv/svuser-jdoe/env/USER
cat > /etc/sv/svuser-jdoe/run < _EOF_
#!/bin/sh
exec 2>&1
exec envdir ./env sh -c '
exec /usr/bin/softlimit -m $MEMORYLIMIT \
setuidgid $USER svscan /var/local/$USER/service
'
_EOF_
chmod 0755 /etc/sv/svuser-jdoe/run
mkdir -p /etc/sv/svuser-jdoe/log/main
chown svuserl /etc/sv/svuser-jdoe/log/main
cat > /etc/sv/svuser-jdoe/log/run < _EOF_
#!/bin/sh
exec setuidgid svuserl multilog t ./main
_EOF_
NOTE: If you do not setup logging for this service, your users errors will go to whatever you might have logging the svscan of /service .
4) Setup the users service directory.
mkdir -p /var/local/jdoe/sv mkdir -p /var/local/jdoe/service chmod 02775 /var/local/jdoe/* chgrp /var/local/jdoe/*
5) Make that users svscan active.
ln -s /etc/sv/svuser-jdoe /service
Now the user can create his own supervise dirs in /var/local/jdoe/sv and link them into /var/local/jdoe/supervise to make them active. The user then has complete control of them via svc.