On Mon, Aug 12, 2013 at 4:23 PM, Thibault, Daniel <[email protected]> wrote: > -----Message d'origine----- > Envoyé : 12 août 2013 16:11 > > On Mon, Aug 12, 2013 at 9:23 AM, Thibault, Daniel > <[email protected]> wrote: >> ---------------------------------------------------------------------- >> Actually, a non-root user can also access the root daemon if he has sudo >> privileges. >> >> The root daemon will see the various user-space events, but it will >> *not* list the user sessions: the various lttng-sessiond daemons do >> not talk to each other. (This may become possible with a later >> version of lttng) >> >> To funnel all tracing through the root daemon, make sure any user >> lttng-sessiond daemons are killed and only the root lttng-sessiond daemon is >> running, then either make your users members of the 'tracing' group, or >> systematically use 'sudo lttng ...' or 'sudo -H lttng ...' from the user >> shells. The first form will put the trace outputs in each user's >> ~/lttng-traces, the second form will combine all trace outputs in >> /root/lttng-traces. You may need to chmod the resulting folders and files >> if you want to later access them as non-root. > > Keep in mind that in this scenario, setting up your traces as root (using > sudo) will still not let users that are not part of the 'tracing' group trace > their applications as no interactions with the session daemon are allowed; > that includes application registration. > > Getting around that would require that your users also launch the > applications themselves as root (using sudo) which is an unnecessary security > risk. > > Jérémie Galarneau > EfficiOS Inc. > -----Fin du message d'origine----- > > I'm not sure I understand what you're getting at when you say "setting up > your traces as root (using sudo) will still not let users that are not part > of the 'tracing' group trace their applications as no interactions with the > session daemon are allowed; that includes application registration." Users > that are not part of the 'tracing' group need take no special action to get > their apps traced: the root session daemon sees all user-spaces.
You're right. There seems to be an unrelated problem on my system. So, to clarify: - A root session daemon can only be controlled (e.g. create and modify sessions) by root and members of the tracing group. - Applications do not need to run as a member of the tracing group to be traced. Jérémie > > Daniel U. Thibault > Protection des systèmes et contremesures (PSC) | Systems Protection & > Countermeasures (SPC) > Cyber sécurité pour les missions essentielles (CME) | Mission Critical Cyber > Security (MCCS) > R & D pour la défense Canada - Valcartier (RDDC Valcartier) | Defence R&D > Canada - Valcartier (DRDC Valcartier) > 2459 route de la Bravoure > Québec QC G3J 1X5 > CANADA > Vox : (418) 844-4000 x4245 > Fax : (418) 844-4538 > NAC : 918V QSDJ <http://www.travelgis.com/map.asp?addr=918V%20QSDJ> > Gouvernement du Canada | Government of Canada > <http://www.valcartier.drdc-rddc.gc.ca/> -- Jérémie Galarneau EfficiOS Inc. http://www.efficios.com _______________________________________________ lttng-dev mailing list [email protected] http://lists.lttng.org/cgi-bin/mailman/listinfo/lttng-dev
