-----Message d'origine----- Message: 3 Date: Wed, 6 Feb 2013 18:27:24 +0000 Subject: Re: [lttng-dev] lttng, lttng-sessiond and the tracing group
> This may very well be an "Ubuntism". All flavours of Ubuntu use a locked > root and force all users to systematically use sudo; the su command won't > go anywhere because there is no root password. [...] The short and sweet > of it is that (nearly) all super-user operations under Ubuntu will be > conducted > by a user (with sudo privileges), not by the root account. Hence the > shenanigans I ran into. It sounds like LTTng will have to adjust the way it > allocates the root .lttngrc path under Ubuntu systems, so that it uses > /root/.lttngrc instead of ~/.lttngrc ------------------------------ Follow up: Turns out the collision between the root and local daemon copies of .lttngrc can be avoided by prefixing the lttng commands with 'sudo -H' for a default Ubuntu configuration. Other sudo configurations may be susceptible to this problem as well, because the value of the HOME environment variable when invoking sudo is decided by the sudo security policy. The problem is that sysadmins can set the root HOME to an arbitrary value for whatever reason, so lttng-sessiond should not force its HOME to 'root': that would be bad form. Instead, since the daemons are communicating with each other, there could be a bit of negotiation. In a nutshell, the root daemon would veto the launch of a user lttng-sessiond if the latter's HOME matched its own. Similarly, if the root lttng-sessiond, upon launching, discovered a user lttng-sessiond with a coinciding HOME, it could either refuse to launch itself or pre-empt the user lttng-sessiond (i.e., shut it down). Either way the user(s) would get an appropriate error message. The case where multiple users are assigned a single HOME by the sysadmin would be handled similarly. On the other hand, maybe a simpler solution would be to have the .lttngrc file's name be suffixed to avoid any collisions. The root daemon's .lttngrc would become .lttngrc-root, etc. I don't think there would be a need to decorate the 'lttng-traces' folder's name, since the contained traces are already "collision-proofed" by their timestamp suffixes. Does this make sense? Daniel U. Thibault R & D pour la défense Canada - Valcartier (RDDC Valcartier) / Defence R&D Canada - Valcartier (DRDC Valcartier) Cyber sécurité pour les missions essentielles (CME) / Mission Critical Cyber Security (MCCS) Protection des systèmes et contremesures (PSC) / Systems Protection & Countermeasures (SPC) 2459 route de la Bravoure Québec, QC G3J 1X5 CANADA Vox : (418) 844-4000 x4245 Fax : (418) 844-4538 NAC : 918V QSDJ <http://www.travelgis.com/map.asp?addr=918V%20QSDJ> Gouvernement du Canada / Government of Canada <http://www.valcartier.drdc-rddc.gc.ca/> _______________________________________________ lttng-dev mailing list [email protected] http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
