[rrd-developers] rrdcached daemonize failed, exiting
kevin brintnall
kbrint at rufus.net
Wed Sep 24 00:31:46 CEST 2008
On Tue, Sep 23, 2008 at 10:48:02PM +0200, Tobias Oetiker wrote:
> I just read through the rrdcached documentation and I think we need
> to have something done regarding security.
>
> a) we need some sort of access control and authentication. Guess
> shared secret with hash would be enough.
Tobi,
Do you think this is a reasonable approach?
* Create the notion of a read-only command channel (i.e. "stats" and
"flush") This makes sense when you consider that RRD files would be
written by a single user (i.e. poller) but read by multiple users
(i.e. web server creating graphs, program that dump/fetch/etc). This
could be network or unix domain socket.
* the read-write socket can be limited to unix domain sockets, and
protected by unix perms. If a user had write access to the socket,
they would likely have write access to the RRDs.
For a shared secret, I see some complications with passing it from
user-->api-->daemon cleanly, and managing the associated state in the
daemon. Did you have anything in mind for that?
> b) it must be possible to set a (virtual) root directory for the
> daemon, so that it does not soly rely on permissions being
> properly set.
How about this.. if a base directory is specified (-b <base>) and a command
comes in with an absolute <path>, then enforce:
<path> starts with <base>/
--
kevin brintnall =~ /kbrint at rufus.net/
More information about the rrd-developers
mailing list