[patch] nsca chroot() support

Ethan Galstad nagios at nagios.org
Tue Mar 21 20:42:42 CET 2006

Previous message: [patch] nsca chroot() support
Next message: Passive checks showing as OK in CGIs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12 Mar 2006 at 6:00, sean finney wrote:

> hi ethan et al,
> 
> attached is a an initial patch which gives nsca the ability to
> perform a chroot() before dropping privileges when in daemon
> mode.  the patch basically does the following:
> 
> - provide a new nsca.cfg option nsca_chroot_dir
> - split the drop_privileges function into two logical parts:  the part
>   that gets the user/group info and the part that actually does the
>   dropping.  this is necessary because in most cases it's impossible
>   to get the user/group info after chrooting, and chrooting needs to
>   be done before privileges are dropped.
> - introduce a do_chroot function which uh, does the chrooting if the
>   configuration option is specified.  nsca exits with an error if the
>   chroot fails.

Thanks!  Patch will be in CVS shortly.

> 
> also, while making this patch, i've noticed the following:
> 
> - there seems to be a mishmash of spaces and tabs used for
> indentation.
>   which should i use?  i fear i have only added to the mishmash but
>   have tried to minimize the size of the diff at least.

Tabs should be used.  I've always unsuccessfully struggled with emacs 
to get it to indent my closing brackets by the standard offset, which 
is whey there were 8 spaces. I decided to take another stab at 
overriding the default behavior today and found the magic of the c-
offsets-alist option, so future code should be much cleaner. :-)

> - currently nsca does not exit with an error if it fails to drop
>   privileges.  is this intentional?

Its probably a good idea to bail out if it can't drop privs.  I 
changed the code to reflect this, and make a change to only drop 
privs if we start out as the root user.

> 
> 
> anyway, please let me know if you see any issues with this patch.
> 
> 
> thanks,
>  sean
> 



Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org



-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642

Previous message: [patch] nsca chroot() support
Next message: Passive checks showing as OK in CGIs
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list