On Sun, 04 Dec 2005 00:15:49 +0100 Thomas wrote: TA> [EMAIL PROTECTED] wrote: TA> > From: Robert Story <[EMAIL PROTECTED]> TA> >>Can anyone think of any objections to changing the group earlier? TA> >> TA> >>- It's new behaviour TA> >>- It will change the ownership of files created by the agent (thus TA> >>possibly reducing the security of the agent; eg exposing info, non- TA> >>root users being able to change config) TA> > TA> > But only if agentgroup and/or agentuser are defined in configuration (or TA> > -g or -u are specified on the command line), right? It's no _more_ TA> > exposed than it was and it's more consistent. TA> TA> Right. The *existing* behaviour is broken and should be fixed.
Can you expand on that? I think the original idea for changing user/group was to have reduced privileges while running. The primary advantage probably being that scripts and such wouldn't run as root. It's still reasonable to expect that the agent's configuration files would be owned by root, and not the non-privileged user. -- Robert Story; NET-SNMP Junkie Support: <http://www.net-snmp.org/> <irc://irc.freenode.net/#net-snmp> Archive: <http://sourceforge.net/mailarchive/forum.php?forum=net-snmp-coders> You are lost in a twisty maze of little standards, all different. ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
