pcp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [pcp] [patch, RFC] don't run PCP daemons as root on the Linux platfo

from [Nathan Scott] [Permanent Link][Original]
To: Mark Goodwin <mgoodwin@xxxxxxxxxx>
Subject: Re: [pcp] [patch, RFC] don't run PCP daemons as root on the Linux platform
From: Nathan Scott <nathans@xxxxxxxxxx>
Date: Wed, 4 May 2011 20:22:03 +1000 (EST)
Cc: pcp <pcp@xxxxxxxxxxx>
In-reply-to: <4DC0F8F3.1030007@xxxxxxxxxx> 
----- Original Message -----
> [This patch isn't finished yet, but I'm soliciting comments
> before I take it any further]
> 
> PCP daemons on the Linux platform don't need to be run as the
> root user - we can and should reduce the potential for security
> issues by running these daemons as a "pcp" user.

Would love to see this done...

> That includes
> pmcd, pmlogger, pmie, pmproxy and PMDAs running as daemons.

pmproxy can (and does for us) already run as non-root, there
is startup script support already for running it as "nobody"
(thats how we run it, with no external pmcd access available).

> This patch still needs work in pmdaproc.sh and a few other
> areas (configure.in, non-Linux platforms, QA, etc), but it's
> functional on Fedora so far as a proof of concept.

One other issue that I know of is that the network ioctls for
extracting interface bandwidth - SIOCETHTOOL and co - require
root permissions (in pmdalinux).

cheers.

-- 
Nathan
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [patch, RFC] don't run PCP daemons as root on the Linux platform, Mark Goodwin
Next by Date:  I27 Espectacular Casa Tradicional en San Diego Country Club, al pie Excelente Casa Moderna, La Capitana Real Estate
Previous by Thread:  [patch, RFC] don't run PCP daemons as root on the Linux platform, Mark Goodwin
Next by Thread:  I27 Espectacular Casa Tradicional en San Diego Country Club, al pie Excelente Casa Moderna, La Capitana Real Estate
Indexes:  [Date] [Thread] [Top] [All Lists]