I noticed that while gmetad and gmond can be set to drop their uid values to a non-privileged user (like "nobody"), they do not drop the gid values. Was this an intentional design decision? If not, I think it would be a good idea to drop the gid as well.
A simple way to do this without having to add another config option would be to modify monitor-core/lib/become_a_nobody.c so that after the line rval = setuid(pw->pw_uid); (and its associated error checks) there is a line like this rval = setgid(pw->pw_gid); (with appropriate error checking). But I think adding a "group =" config option is better just because it is more flexible. -- Rick Mohr Systems Developer Ohio Supercomputer Center ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Ganglia-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/ganglia-developers
