[collectd] collectd restriction
smcracraft at me.com
Wed Apr 29 21:08:25 CEST 2015
So, even though collectd runs by default as root,
none of its children can be so-configured, due to a decision
which restricts Exec-based plugins to using uid!=0 as the
uid for the running collectors as children of collectd:
"The security concerns are addressed by forcing the plugin to check that custom programs are never executed with superuser privileges. If the daemon runs as root, you have to configure another user ID with which the new process is created."
This is a half-hearted, strange attempt to draconianly
say "all uid=0" is bad and feels suspiciously nannyish, big-government.
In fact, there are many commands which require root to
access protected files or devices and which do not have
non-Exec collectd-generic-support but constitute invaluable
information to have collected, graphed and alarmed on.
I am surprised at the above decision and am asking
the community how you collect root-accessible-only data
in collectd when there no plugin exec, nor otherwise, to collectd.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the collectd