[patch] nsca chroot() support
sean finney
seanius at seanius.net
Sun Mar 12 13:17:22 CET 2006
On Sun, Mar 12, 2006 at 12:24:07PM +0100, Marc Haber wrote:
> If the inet daemon chroots before invoking nsca, all libraries and
> config files would need to be present in the chroot. I don't think
> this would be desireable.
yeah, upon further consideration i agree. looking at xinetd config
documentation i don't think there is a way to do this, and even if
there was, it would have the problems you mention.
but if we keep the chroot call in inetd mode there still exists a
problem in the sense that if run in inetd mode it probably won't have
the privilege level to chroot. or, if it does then it's running as
root but won't drop privileges afterwards--which would be worse
than not chrooting imho.
so, perhaps what would make the most sense is to attempt
to chroot as the patch does now, but also attempt to drop
privileges after the chroot. then, if the administrator
decides to have nsca chroot he/she can configure xinetd to
run nsca as root, and the chroot/user/group settings from
nsca.cfg will dictate what to do.
what do you think?
sean
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20060312/537ccc08/attachment.sig>
More information about the Developers
mailing list