On 30/04/2014 19:58, Xin Li wrote:
> On 04/30/14 11:51, Corey Smith wrote:
>>> It would be interesting to find out if we could teach net-snmpd
>>> to use alternative methods to access data it needs
>
>> It is not necessary if you build net-mgmt/net-snmp with the
>> UNPRIVILEGED knob set.
>
> Will there be any lost functionality with that knob set? (I don't use
> net-snmp myself) If there is no lost functionality, I think it's
> sensible to hard wire that option -- giving access to /dev/[k]mem
> makes me feel quite nervous, especially for network facing daemons...

Yeah. net-snmp is not something to expose to the internet in general.
Private networks only is my rule.

You can start snmpd with the '-r' flag which means it will at least run
without needing access to /dev/mem or anything else privileged, but at
the cost of reduced functionality. For instance the 'proc foo' test to
check on the presence of a foo process doesn't work. Quite why that
should need rootly privilege I do not know: it's effectively the same as
grepping the output of 'ps -acx'.

Cheers,

Matthew

--
Dr Matthew J Seaman MA, D.Phil.
PGP: http://www.infracaninophile.co.uk/pgpkey
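The 'proc foo' presence check discussed in this message, done without privilege from `ps -acx` style output, as an added example that is not part of the original thread or net-snmp's own code. The function names, the sample process table and the simplified MAX/MIN defaults (no limits means "at least one", only MAX means "no more than MAX") are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of FreeBSD `ps -acx` output (PID TT STAT TIME COMMAND).
# With -c the COMMAND column holds only the executable name.
SAMPLE_PS='  PID TT  STAT    TIME COMMAND
    1  -  ILs  0:00.02 init
  612  -  Ss   0:01.10 syslogd
  733  -  Is   0:00.00 sshd
  901  -  Ss   0:00.31 sshd
  950 v0  Is+  0:00.00 getty'

# count_proc NAME: read ps -acx style text on stdin and print how many rows
# have COMMAND exactly equal to NAME. An exact field match avoids the usual
# grep pitfalls (substring hits, matching the grep process itself).
count_proc() {
    awk -v name="$1" 'NR > 1 && $5 == name { n++ } END { print n + 0 }'
}

# check_proc NAME [MAX [MIN]]: hypothetical helper, a simplified model of a
# "proc NAME [MAX [MIN]]" style check. Reads the process table on stdin.
check_proc() {
    name=$1
    max=${2:-}
    min=${3:-}
    if [ -z "$max" ]; then
        min=1                 # no limits given: at least one must run
    elif [ -z "$min" ]; then
        min=0                 # only MAX given: no more than MAX
    fi
    n=$(count_proc "$name")
    if [ "$n" -lt "$min" ]; then
        echo "$name: too few ($n < $min)"
        return 1
    fi
    if [ -n "$max" ] && [ "$n" -gt "$max" ]; then
        echo "$name: too many ($n > $max)"
        return 1
    fi
    echo "$name: ok ($n running)"
}

# Demo on the constructed sample; on a live system pipe `ps -acx` in instead.
printf '%s\n' "$SAMPLE_PS" | check_proc sshd
```

Nothing here opens /dev/mem or /dev/kmem: the check needs only what any unprivileged user can read from `ps`.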
