[rrd-developers] [PATCH] rrd_client: Do not rewrite path names when accessing remote daemons.

Benny Baumann BenBE at geshi.org
Sat Oct 3 23:54:53 CEST 2009


Hi,

Am 03.10.2009 23:36, schrieb Tobias Oetiker:
> Hi Sebastian,
>
> Today Sebastian Harl wrote:
>   
>> When talking to a local daemon (thru a UNIX socket), relative path names are
>> resolved to absolute path names to allow for transparent integration into
>> existing solutions (as requested by Tobi).
>>
>> However, when talking to a remote daemon, absolute path names are not allowed,
>> since path name translation is done by the server (relative to the base
>> directory).
>>     
>
> am I reading the code correctly? You do not
> rewrite a request if it is sent remotely, but you do not complain
> if a remote request uses an absolute path either ?
>
> cheers
> tobi
>   
IMHO the behaviour should mor be like:
- Requests are always rewritten
- The Cache Daemon defines a root path (simular to an chroot)
- Every request, independently of being absolute or relative, is
interpreted relative to this root directory.

That way there's no change if a client requests a local or an remote
file to be queried.

Example:

A client asks to write to /var//lib/rrdtool/sample.rrd while
/var/lib/rrdtool is the "chroot cage". The access would then look for a
file sample./var/lib/rrdtool/var/lib/rrdtool/sample.rrd That way remote
maschines can be restricted from accessing files in the file system that
they shouldn't have access to. If you e.g. want /home/myrrds to be
accessable you'd just need to create a symlink there though.

Regards,
BenBE.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
Url : http://lists.oetiker.ch/pipermail/rrd-developers/attachments/20091003/d7116df2/attachment-0001.pgp 


More information about the rrd-developers mailing list