On 04/12/18 23:13, Joel Carnat wrote:
>> Le 12 avr. 2018 à 21:10, Stuart Henderson <s...@spacehopper.org> a écrit :
>> On 2018-04-12, Joel Carnat <j...@carnat.net <mailto:j...@carnat.net>> wrote:
>>> I want net-snmpd to run a script via the extend directive.
>>> This script has to run a command using doas to get temporary root
>>> The script is run on snmpcmd call but the doas command returns:
>>> doas: a tty is required
>>> Is there a way to run doas from net-snmpd ?
>>> I already have doas running from collectd-exec without issues.
>>> # More infos on configuration and commands
>>> # grep extend /etc/snmp/snmpd.conf
>>> extend test /home/scripts/test.sh
>>> # grep snmpd /etc/doas.conf
>>> permit nopass _snmpd as root
>> Net-SNMP runs as _netsnmp, but you're giving nopass access to _snmpd
>> (base snmpd's uid, which doesn't execute anything anyway).
> Of course…
> Using "permit nopass _netsnmp as root" makes it run as expected.
Please add "cmd <command> args ..." to that line to prevent more root-
exposure than required.
> Thanks a lot!