Thanks Wilfried! > On Apr 30, 2015, at 1:56 AM, Wilfried Goesgens <dotheb...@citadel.org> wrote: > > Hi Stuart, > > the proper solution is to grant read access to a group on these files (like > 'admin' in debian) and add the collectd user to that group. > > > Wed Apr 29 2015 15:08:25 EDT from "Stuart Cracraft" <smcracr...@me.com> > Subject: [collectd] collectd restriction > So, even though collectd runs by default as root, > none of its children can be so-configured, due to a decision > shown in: > > https://collectd.org/wiki/index.php/Plugin:Exec > <https://collectd.org/wiki/index.php/Plugin:Exec> > > which restricts Exec-based plugins to using uid!=0 as the > uid for the running collectors as children of collectd: > > "The security concerns are addressed by forcing the plugin to check that > custom programs are never executed with superuser privileges. If the daemon > runs as root, you have to configure another user ID with which the new > process is created." > > This is a half-hearted, strange attempt to draconianly > say "all uid=0" is bad and feels suspiciously nannyish, big-government. > > In fact, there are many commands which require root to > access protected files or devices and which do not have > non-Exec collectd-generic-support but constitute invaluable > information to have collected, graphed and alarmed on. > > I am surprised at the above decision and am asking > the community how you collect root-accessible-only data > in collectd when there no plugin exec, nor otherwise, to collectd. > > > > <Mail Attachment.txt>
_______________________________________________ collectd mailing list collectd@verplant.org http://mailman.verplant.org/listinfo/collectd