[collectd] [Bug 734179] collectd runs as root unnecessarily
bonbons at linux-vserver.org
Thu Mar 17 20:44:13 CET 2011
On Thu, 17 March 2011 Florian Forster <octo at collectd.org> wrote:
> On Sun, Mar 13, 2011 at 07:04:39AM -0000, Andrew Yates wrote:
> > (It might also be a good idea to run collectd as an unprivileged user
> > by default. A quick test suggests that of the default plugins only
> > 'df' may require root privileges.)
> In the vast majority of cases, the "df" plugin doesn't need privileges.
> The only problematic case I can think of right now is if some file
> system is mounted at "/secret/foo" and the unprivileged user isn't
> allowed to read "/secret".
> Plugins which do require privileges can be found in the collectd wiki in
> the "Plugins requiring privileges" category .
>  <http://collectd.org/wiki/index.php/Category:Plugins_requiring_privileges>
From those I'm wondering what special privileges netlink plugin needs...
on the systems I run it on, it runs as unprivileged user.
For DNS, Ping and IPTables plugins just setting the appropriate
capabilities, e.g. using file based capabilities, does suffice.
For serial I would say adding the right group should do it as well.
At least file based capabilities and unprivileged user does work fine for me
with ping plugin.
More information about the collectd