[rrd-developers] rrdcached daemonize failed, exiting
kevin brintnall
kbrint at rufus.net
Tue Sep 23 21:33:08 CEST 2008
> That's what I'm doing for now -- but I wonder if rrdcached could do
> setuid instead.
It would have to start as root, acquire a number of group memberships, and
then drop privs.. Interesting, but ultimately I think it's too
complicated.
The same could be accomplished with two instances of the daemon, or by
having a separate group for all RRD writes. For the former case, I think
we need a way to have a host:port for inet sockets (right now, the daemon
always uses port 42217).
> Also, for Ganglia, two different processes would potentially require
> to access rrdcached -- the frontend which mostly runs the 'graph'
> command and gmetad which does the 'update' commands, and the processes
> are owned by different users. Is this currently supported?
If you connect via inet socket, then any user on the host can issue
commands. If you connect via unix socket, you can chmod it to allow for
that.
> BTW please let me know if this is the right assumption -- if you are
> using rrdtool command line, use --daemon option and if you are using
> rrdtool's C API, use RRDCACHED_ADDRESS environment variable.
Regardless of the access method, you can use either method (env or
--daemon) for specifying the daemon address. I set the RRDCACHED_ADDRESS
at login so that ordinary users and scripts that are already accessing the
files do not need to be made aware that there is a daemon running..
--
kevin brintnall =~ /kbrint at rufus.net/
More information about the rrd-developers
mailing list