> On Sun, 04 Dec 2005 00:15:49 +0100 Thomas wrote:
> TA> [EMAIL PROTECTED] wrote:
> TA> > From: Robert Story <[EMAIL PROTECTED]>
> TA> >>Can anyone think of any objections to changing the group
> TA> >>earlier?
> TA> >>- It's new behaviour
> TA> >>- It will change the ownership of files created by the agent
> TA> >>(thus possibly reducing the security of the agent; eg exposing
> TA> >>info, non-root users being able to change config)
> TA> >
> TA> > But only if agentgroup and/or agentuser are defined in
> TA> > configuration (or -g or -u are specified on the command
> TA> > line), right? It's no _more_ exposed than it was and
> TA> > it's more consistent.
> TA>
> TA> Right. The *existing* behaviour is broken and should be fixed.
>
> Can you expand on that? I think the original idea for changing
> user/group was to have reduced privileges while running. The
> primary advantage probably being that scripts and such wouldn't
> run as root. It's still reasonable to expect
> that the agent's configuration files would be owned by root, and
> not the non-privileged user.

Except that as snmpd shuts down it rewrites the persistent store as the -u/-g user. To be consistent, we either need to move the -u/-g processing up, or revert to root/root when saving persistent values at shutdown. Right?

_______________________________________________
Net-snmp-coders mailing list
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
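An added example (not from this thread and not Net-SNMP's own code): a C check an auditor could run over `stat()` results to see whether the non-privileged -u/-g identity can change the agent's configuration or persistent files, which is the exposure discussed above. The function names and the uid/gid 161 are constructed for illustration, and supplementary groups are ignored.

```c
#include <stdbool.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>

#ifndef S_ISVTX
#define S_ISVTX 01000               /* sticky bit, if strict mode hides it */
#endif

/* POSIX picks exactly one permission class: owner, else group, else other. */
static bool class_can_write(const struct stat *st, uid_t uid, gid_t gid)
{
    if (uid == 0)
        return true;                /* root bypasses the mode bits */
    if (st->st_uid == uid)
        return (st->st_mode & S_IWUSR) != 0;
    if (st->st_gid == gid)
        return (st->st_mode & S_IWGRP) != 0;
    return (st->st_mode & S_IWOTH) != 0;
}

/* True if the agent identity can alter the file: either by writing it, or by
 * replacing it through a writable parent directory (unless sticky blocks it). */
bool agent_can_modify(const struct stat *file, const struct stat *dir,
                      uid_t uid, gid_t gid)
{
    if (class_can_write(file, uid, gid))
        return true;
    if (!class_can_write(dir, uid, gid))
        return false;
    if ((dir->st_mode & S_ISVTX) && file->st_uid != uid && dir->st_uid != uid)
        return false;
    return true;
}

/* Build a constructed stat record (sample data, not read from disk). */
static struct stat mk(uid_t u, gid_t g, mode_t m)
{
    struct stat s = {0};
    s.st_uid = u; s.st_gid = g; s.st_mode = m;
    return s;
}

int main(void)
{
    struct stat dir = mk(0, 0, 0755);
    struct stat saved_as_root = mk(0, 0, 0600);      /* written before the drop */
    struct stat saved_as_agent = mk(161, 161, 0600); /* rewritten at shutdown */
    printf("root-owned store modifiable:  %d\n",
           agent_can_modify(&saved_as_root, &dir, 161, 161));
    printf("agent-owned store modifiable: %d\n",
           agent_can_modify(&saved_as_agent, &dir, 161, 161));
    return 0;
}
```

The directory check matters as much as the file check: a root-owned file inside a directory writable by the agent's group can still be replaced.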
