[rrd-developers] rrdcached daemonize failed, exiting

Bernard Li bernard at vanhpc.org
Tue Sep 23 21:27:25 CEST 2008 

Hi Kevin:

On Mon, Sep 22, 2008 at 7:24 PM, kevin brintnall <kbrint at rufus.net> wrote:

> The server logs most of the failures to syslog (under daemon.*).  You
> could check there.
>
> I suspect that your user doesn't have sufficient privileges to write the
> pid file (by default $LOCALSTATEDIR/run/rrdcached.pid).  This will show
> up in the server logs for sure.

You are right, I should have checked syslog.  Thanks.

> Keep in mind that your daemon needs write access to your files.  In your
> case, you will need to have your RRD files writable via "nobody"...  Thus,
> other processes which are running with "nobody" privileges will be able to
> over-write your RRD files.
>
> In my case, I have created a separate role account which owns the RRD
> files (and runs my pollers).  Then, I create a special directory for it to
> write its journal files and pid:
>
>  % pwd
>  /var/db/rrdcached
>
>  % ls -ld . *
>  drwxr-x---  2 stats  stats   512B Sep 22 22:28 ./
>  -r--r--r--  1 stats  stats     6B Sep 12 22:28 pid
>  -rw-r--r--  1 stats  stats   146M Sep 23 02:20 rrd.journal
>  -rw-r--r--  1 stats  stats   224M Sep 22 22:28 rrd.journal.old
>
> Thus, I invoke:
>
>  rrdcached -j /var/db/rrdcached -p /var/db/rrdcached/pid ...
>
>> Is it because the account is too restrictive?  Would it be possible
>> for rrdcached to daemonize as another user?
>
> Most OS will let you do this..  This is what I do in startup scripts:
>
>  su $USER -c "/usr/local/sbin/rrdcached --flags ..."

That's what I'm doing for now -- but I wonder if rrdcached could do
setuid instead.

For instance, Ganglia and Cacti uses RRDTool and the rrd files are
owned by specific roles.  For Ganglia it would be nobody/ganglia and
for Cacti it would be cacti -- if there is an easy way to implement it
with this in mind, that would be more convenient for other softwares
which depend on RRDTool to take advantage of rrdcached.

Also, for Ganglia, two different processes would potentially require
to access rrdcached -- the frontend which mostly runs the 'graph'
command and gmetad which does the 'update' commands, and the processes
are owned by different users.  Is this currently supported?

BTW please let me know if this is the right assumption -- if you are
using rrdtool command line, use --daemon option and if you are using
rrdtool's C API, use RRDCACHED_ADDRESS environment variable.

Thanks,

Bernard

More information about the rrd-developers mailing list