On Sun, Mar 12, 2006 at 07:17:22AM -0500, sean finney wrote:
> but if we keep the chroot call in inetd mode there still exists a
> problem in the sense that if run in inetd mode it probably won't have
> the privilege level to chroot.
tough look. can't chroot without privileges. invoking a chrooting nsca
process without necessary privileges is a configuration error. print
error message, exit(1).
> or, if it does then it's running as
> root but won't drop privileges afterwards--which would be worse
> than not chrooting imho.
Yes.
> so, perhaps what would make the most sense is to attempt
> to chroot as the patch does now, but also attempt to drop
> privileges after the chroot.
By all means. This is also a safeguard against the local admin
misconfiguring. If she wants nsca to run as root, she needs to
explicitly configure it to do so.
> then, if the administrator
> decides to have nsca chroot he/she can configure xinetd to
> run nsca as root, and the chroot/user/group settings from
> nsca.cfg will dictate what to do.
Yes, that's the way to go IMO.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]