[Nagiosplug-devel] Antwort: Security discussion - don't run as root plugins
Olivier 'Babar' Raginel
nagios at babar.us
Mon Jul 21 10:49:12 CEST 2008
On Mon, Jul 21, 2008 at 10:27:53AM +0200, Sascha.Runschke at gfkl.com wrote:
> Don't do the same mistake and enforce your ideas on users.
> If someone wants to run as root - whatever her reason may be - then
> let her do so. If it was done by mistake - she learned something from
> it now (hopefully).
> The way to go is the un-intrusive way of privilege dropping.
> If a program does not need root privileges, it should drop them and
> in my opinion that's the responsibility of the author.
I'd rather go the "munin" way:
# /usr/bin/munin-cron
You are running this program as root, which is neither smart nor necessary.
If you really want to run it as root, use the --force-root option. Else, run
it as the user "munin". Aborting.
Clear, self-explanatory, concise, but still flexible.
Just my 2 cts.
--
Babar.
More information about the Devel
mailing list