[rrd-developers] [PATCH] rrd_client: Do not rewrite path names when accessing remote daemons.
Tobias Oetiker
tobi at oetiker.ch
Sun Oct 4 13:14:24 CEST 2009
Hi Sebastian,
Today Sebastian Harl wrote:
> Hi Benny,
>
> Thanks for your feedback!
>
> On Sat, Oct 03, 2009 at 11:54:53PM +0200, Benny Baumann wrote:
> > Am 03.10.2009 23:36, schrieb Tobias Oetiker:
> > > Today Sebastian Harl wrote:
> > >> When talking to a local daemon (thru a UNIX socket), relative path names are
> > >> resolved to absolute path names to allow for transparent integration into
> > >> existing solutions (as requested by Tobi).
> > >>
> > >> However, when talking to a remote daemon, absolute path names are not allowed,
> > >> since path name translation is done by the server (relative to the base
> > >> directory).
> [?]
> > IMHO the behaviour should mor be like:
> > - Requests are always rewritten
>
> In what way would you want a request, that is sent to a remote daemon,
> to be rewritten (on the client, as this what we're talking about)?
>
> > - The Cache Daemon defines a root path (simular to an chroot)
>
> This is already possible using rrdcached's '-b' command line option. If
> that's not specified, /tmp is used as a default. You may disallow any
> updates to files outside of that directory by using the -B command line
> option. See the rrdcached(1) manpage for more details.
>
> On the *server* side, all relative path names are rewritten to be
> relative to that base directory.
>
> > - Every request, independently of being absolute or relative, is
> > interpreted relative to this root directory.
>
> Hrm ? imho this option would be fine as well, *if* absolute path names
> would not be treated differently when accessing a local daemon (which is
> requested by Tobi). Adding another difference to the handling of path
> names would be way too confusing imho.
>
> OTOH, when thinking of the base directory as something like a chroot,
> this might make some sense. What do others think about that?
I think the current implementation where only relative paths are
allowed for remote access is fine, since this provides a measure of
protection when people are transitioning from local to remote
rrdtool. They may be trying to use the absolute path names they
have been used to access when working locally and will be alerted
to the problem.
cheers
tobi
--
Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
http://it.oetiker.ch tobi at oetiker.ch ++41 62 775 9902 / sb: -9900
More information about the rrd-developers
mailing list