On Sun, 2005-12-04 at 08:32 -0500, Robert Story wrote: > I think the original idea for changing user/group was > to have reduced privileges while running. The primary advantage probably being > that scripts and such wouldn't run as root. It's still reasonable to expect > that the agent's configuration files would be owned by root, and not the > non-privileged user.
I'm not sure I'd fully agree with that. If something is running as a non-root user, my basic assumption is that any files created by that process would be owned by that user - not by root. That certainly seems to hold for Apache, where logs files etc are created as the running user, rather than root. My main concern would be dropping root ownership too early, so that (e.g.) opening privileged ports would fail. I haven't checked exactly where this currently occurs in the initialisation process. Where would we envisage moving this to, exactly? Dave ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
