[rrd-developers] rrdcached daemonize failed, exiting

kevin brintnall kbrint at rufus.net
Wed Sep 24 00:31:46 CEST 2008


On Tue, Sep 23, 2008 at 10:48:02PM +0200, Tobias Oetiker wrote:
> I just read through the rrdcached documentation and I think we need
> to have something done regarding security.
> 
> a) we need some sort of access control and authentication. Guess
>    shared secret with hash would be enough.

Tobi,

Do you think this is a reasonable approach?

 * Create the notion of a read-only command channel (i.e. "stats" and
   "flush"). This makes sense when you consider that RRD files would be
   written by a single user (i.e. poller) but read by multiple users
   (i.e. web server creating graphs, programs that dump/fetch/etc.).  This
   could be a network or unix domain socket.

 * the read-write socket can be limited to unix domain sockets, and
   protected by unix perms.  If a user had write access to the socket, 
   they would likely have write access to the RRDs.

For a shared secret, I see some complications with passing it from
user-->api-->daemon cleanly, and managing the associated state in the
daemon.  Did you have anything in mind for that?

> b) it must be possible to set a (virtual) root directory for the
>    daemon, so that it does not solely rely on permissions being
>    properly set.

How about this: if a base directory is specified (-b <base>) and a command
comes in with an absolute <path>, then enforce:

	<path> starts with <base>/

-- 
 kevin brintnall =~ /kbrint at rufus.net/
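The "<path> starts with <base>/" rule above is easy to get wrong if it is implemented as a plain string-prefix test: "/var/lib/rrd/../../../etc/passwd" starts with "/var/lib/rrd/" and still escapes, and "/var/lib/rrd2/x.rrd" starts with "/var/lib/rrd" while not being under it. The following is an added example of a check that closes both gaps; it is not rrdcached's code and the function names (normalize_abs_path, rrd_path_within_base), the base directory and the probe paths are all hypothetical. It normalizes the path lexically (collapsing "//", "." and "..") without touching the filesystem, since the target .rrd may not exist yet, then compares against "<base>/" as a unit, and hands back the normalized path, which is what the daemon should open instead of the client's original string.

```c
/* Added example, not rrdtool/rrdcached source.  normalize_abs_path()
 * and rrd_path_within_base() are hypothetical names. */
#include <stdio.h>
#include <string.h>
#include <limits.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Lexically normalize an absolute path into out[outlen]: collapses
 * repeated '/', drops "." and resolves ".." without consulting the
 * filesystem.  Returns 0 on success; -1 if path is not absolute,
 * tries to climb above "/", or does not fit in out. */
static int normalize_abs_path(const char *path, char *out, size_t outlen)
{
    size_t len = 1;

    if (path == NULL || path[0] != '/' || outlen < 2)
        return -1;
    out[0] = '/';

    while (*path) {
        const char *seg;
        size_t seglen;

        while (*path == '/')
            path++;                         /* skip a run of separators */
        if (*path == '\0')
            break;
        seg = path;
        while (*path && *path != '/')
            path++;
        seglen = (size_t)(path - seg);

        if (seglen == 1 && seg[0] == '.')
            continue;                       /* "." is a no-op */
        if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == 1)
                return -1;                  /* ".." above root: refuse */
            while (out[len - 1] != '/')     /* drop the last component */
                len--;
            if (len > 1)
                len--;                      /* and its leading '/' */
            continue;
        }
        if (len + (len > 1 ? 1 : 0) + seglen + 1 > outlen)
            return -1;                      /* would not fit in out */
        if (len > 1)
            out[len++] = '/';
        memcpy(out + len, seg, seglen);
        len += seglen;
    }
    out[len] = '\0';
    return 0;
}

/* Enforce the -b <base> rule: the path a command names must resolve to
 * something strictly below base.  Relative paths are taken as relative
 * to base.  Returns 1 and leaves the normalized path in resolved (open
 * that, not the client's original string); returns 0 if the path
 * escapes base, names base itself, or is malformed. */
int rrd_path_within_base(const char *base, const char *path,
                         char *resolved, size_t resolved_len)
{
    char nbase[PATH_MAX];
    char joined[PATH_MAX];
    size_t blen;

    if (normalize_abs_path(base, nbase, sizeof nbase) != 0)
        return 0;
    if (path == NULL || path[0] == '\0')
        return 0;
    if (path[0] != '/') {                   /* relative: join with base first */
        int n = snprintf(joined, sizeof joined, "%s/%s", nbase, path);
        if (n < 0 || n >= (int)sizeof joined)
            return 0;
        path = joined;
    }
    if (normalize_abs_path(path, resolved, resolved_len) != 0)
        return 0;

    blen = strlen(nbase);
    if (blen == 1)                          /* base is "/": any file under it */
        return resolved[1] != '\0';
    /* Match "<base>/" as a unit so "/var/lib/rrd2" is not under "/var/lib/rrd". */
    return strncmp(resolved, nbase, blen) == 0 && resolved[blen] == '/';
}

int main(void)
{
    /* Constructed probes: the kinds of <path> a client might send. */
    static const char *const probes[] = {
        "/var/lib/rrd/host1/load.rrd",
        "host1/load.rrd",
        "/var/lib/rrd/../../../etc/passwd",
        "../../etc/passwd",
        "/var/lib/rrd2/evil.rrd",
        "/var/lib/rrd//host1/./load.rrd",
    };
    char out[PATH_MAX];
    size_t i;

    for (i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int ok = rrd_path_within_base("/var/lib/rrd/", probes[i], out, sizeof out);
        printf("%-36s %s %s\n", probes[i], ok ? "accept" : "reject", ok ? out : "");
    }
    return 0;
}
```

One caveat the lexical check cannot cover: a symlink inside <base> that points outside it is followed by the kernel, not by this code. If symlinks are allowed under the base directory, the daemon should additionally run realpath(3) on files that already exist (update/flush) and apply the same prefix test to the result, or refuse to create or open symlinks there at all.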
