Chandana,
I think you have already suggested the "best" solution for a "behind the
firewall" environment ... sudo glue, as in (in sort of reverse order of how
you'd set it up)
sudo -u pcp pmie -c /tmp/xxx
uid=0(root) gid=0(root) groups=0(root)
uid=0(root) gid=0(root) groups=0(root)
$ cat /tmp/xxx
hinv.ncpu > 0 -> shell "sudo id";
$ grep sudo /etc/group
sudo:x:27:kenj,pcpqa,pcp
$ sudo grep \%sudo /etc/sudoers
%sudo ALL=(ALL:ALL) NOPASSWD: ALL
> -----Original Message-----
> From: pcp-bounces@xxxxxxxxxxx [mailto:pcp-bounces@xxxxxxxxxxx] On
> Behalf Of Chandana De Silva
> Sent: Saturday, 15 February 2014 7:11 AM
> To: pcp@xxxxxxxxxxx
> Subject: [pcp] pmie - privileged use
>
> All,
>
> The newer versions pcp run as the non privileged user 'pcp' which is
> obviously good from a security perspective.
>
> My problem is with pmie. How would I get pmie to take some drastic
> proactive action, such as killing a rogue process ?
>
> One possibility is to give pcp sudo privileges on pmie.
>
> Is there another way ?
>
> _______________________________________________
> pcp mailing list
> pcp@xxxxxxxxxxx
> http://oss.sgi.com/mailman/listinfo/pcp
|