Running MRTG as a non-root user - thoughts?

To: Debian Developers' List <debian-devel@lists.debian.org>
Subject: Running MRTG as a non-root user - thoughts?
From: Michael-John Turner <mj@turner.org.za>
Date: Sat, 25 Nov 2000 08:36:18 +0200
Message-id: <[🔎] 20001125083618.A28927@leeloo.pimp.org.za>

Hi all

I'm in the process of updating the Debian MRTG package to version 2.9.4
and making quite a few major changes (splitting off contrib into a
separate package, etc). One of the things that has been suggested is that
MRTG doesn't need to run as root (by default it's run as root via cron,
although it can also be run as a daemon). 

If I switch to using a non-root user, there are possibly some security
advantages (although the riskiness of running as root is fairly minimal as
MRTG doesn't bind to a socket, doesn't write temporary files in /tmp, etc),
but some patches will probably need to be applied if I do make the switch.
The disadvantages are that there'll be yet another user and group created
on systems that use MRTG and file permissiosn on existing MRTG setups will
have to be migrated.

Anyone got any thoughts on this? I don't want to go through the whole
process of switching to a non-root user if it isn't really necessary.

-mj
-- 
Michael-John Turner      | http://www.edr.uct.ac.za/~mj/
mj@debian.org            | Open Source in WC ZA - http://www.clug.org.za/
mj@phantom.eri.uct.ac.za | GPG/PGP key via mail, WWW or finger @phantom

Reply to:

Follow-Ups:
- Re: Running MRTG as a non-root user - thoughts?
  - From: Alexander Koch <efraim@sonic.de>
- Re: Running MRTG as a non-root user - thoughts?
  - From: Herbert Xu <herbert@gondor.apana.org.au>
- Re: Running MRTG as a non-root user - thoughts?
  - From: Matt Zimmerman <mdz@debian.org>

Prev by Date: ITA: djtools
Next by Date: Re: [RFD] Debian's mime support
Previous by thread: ITA: djtools
Next by thread: Re: Running MRTG as a non-root user - thoughts?
Index(es):
- Date
- Thread