Robert Story wrote:
On Sun, 04 Dec 2005 00:15:49 +0100 Thomas wrote:
TA> [EMAIL PROTECTED] wrote:
TA> > From: Robert Story <[EMAIL PROTECTED]>
TA> >>Can anyone think of any objections to changing the group earlier?
TA> >>
TA> >>- It's new behaviour
TA> >>- It will change the ownership of files created by the agent (thus
TA> >>possibly reducing the security of the agent; eg exposing info, non-
TA> >>root users being able to change config)
TA> >
TA> > But only if agentgroup and/or agentuser are defined in configuration (or
TA> > -g or -u are specified on the command line), right? It's no _more_
TA> > exposed than it was and it's more consistent.
TA>
TA> Right. The *existing* behaviour is broken and should be fixed.
Can you expand on that? I think the original idea for changing user/group was
to have reduced privileges while running. The primary advantage probably being
that scripts and such wouldn't run as root. It's still reasonable to expect
that the agent's configuration files would be owned by root, and not the
non-privileged user.
But isn't it even more reasonable to expect that load/save of persistent
config would "just work" for an agent with agentuser/agentgroup defined?
AFAICS it currently doesn't (persistent config is created as root:root,
so it can't be saved by the lower-privileged agent) which I consider a bug.
+Thomas
--
Thomas Anders (thomas.anders at blue-cable.de)
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
Net-snmp-coders mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
