| To: | Nathan Scott <nathans@xxxxxxxxxx> |
|---|---|
| Subject: | Re: proc pmda access control changes |
| From: | fche@xxxxxxxxxx (Frank Ch. Eigler) |
| Date: | Wed, 24 Jul 2013 10:25:08 -0400 |
| Cc: | Ken McDonell <kenj@xxxxxxxxxxxxxxxx>, pcp@xxxxxxxxxxx |
| Delivered-to: | pcp@xxxxxxxxxxx |
| In-reply-to: | <1461308559.1266316.1374665942271.JavaMail.root@xxxxxxxxxx> (Nathan Scott's message of "Wed, 24 Jul 2013 07:39:02 -0400 (EDT)") |
| References: | <51EFBB29.1000807@xxxxxxxxxxxxxxxx> <1461308559.1266316.1374665942271.JavaMail.root@xxxxxxxxxx> |
| User-agent: | Gnus/5.1008 (Gnus v5.10.8) Emacs/21.4 (gnu/linux) |
Nathan Scott <nathans@xxxxxxxxxx> writes: > [...] >> # pminfo -f proc.psinfo.ppid >> >> proc.psinfo.ppid >> Error: No permission to perform requested operation >> >> What magic sauce is needed to restore the promiscuous mode for the proc >> pmda? AF_UNIX-based connection such as # pminfo -h local:// -f proc.psinfo.ppid should let the root user poke at the psinfo.* hierarchy, without SASL/etc. kicking in. > [...] There is no pmdaproc backdoor, credentials must be presented > ... should we consider adding one for back-compat? I'd prefer not > to, but guess we could go either way - it'd just take a non-default > command line option to disable the checks. That makes sense. - FChE |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [pcp] proc pmda access control changes, Nathan Scott |
|---|---|
| Next by Date: | Re: [pcp] proc pmda access control changes, Ken McDonell |
| Previous by Thread: | Re: [pcp] proc pmda access control changes, Nathan Scott |
| Next by Thread: | Re: [pcp] proc pmda access control changes, Ken McDonell |
| Indexes: | [Date] [Thread] [Top] [All Lists] |