[smokeping-users] gid problems
Lee Elliott
Lee at northarbour.com
Tue Apr 23 18:15:53 CEST 2013
>
> LE> To clarify, it is on the master server that the smokeping folders
> LE> and rrds need the group permissions to be set to the httpd group but
> LE> I'm not sure it would be much of a security problem - the httpd
> LE> group only needs read permissions on the master and, on Debian at
> LE> least, the /var/lib/smokeping folder already has world read
> LE> permissions, which is why it seems odd that I need to set explicit
> LE> read access for www-data in the first place - in fact it's possibly
> LE> not actually a permissions issue but an internal check in the smokeping
> code.
>
> I was under the impression that *write* rights were required for the slaves
> to write to the RRD's on the master. [That's how I have it set anyway. And
> that's how I recall it being discussed.]
>
> Perhaps I should go tweak my master and see what happens with only read
> rights...
>
Definitely read-only on group perms on the master here - it would be useful if you can confirm that read-only on group works for you too.
If anything, it's why the httpd needs any permissions to the smokeping var data in the first place that puzzles me.
>From reading...
http://oss.oetiker.ch/smokeping/doc/smokeping_master_slave.en.html
...it appears that the httpd is only acting as an intermediary between the slaves and master (with the master handling all file IO) and it shouldn't need to read or write any of smokeping's var data, so it's not that the httpd only needs read perms that I find a bit strange but that the httpd needs any perms to the smokeping var data at all for slaves to work.
Still an extremely useful bit of software though.
LeeE
More information about the smokeping-users
mailing list