Running MRTG as a non-root user - thoughts?
I'm in the process of updating the Debian MRTG package to version 2.9.4
and making quite a few major changes (splitting off contrib into a
separate package, etc). One of the things that has been suggested is that
MRTG doesn't need to run as root (by default it's run as root via cron,
although it can also be run as a daemon).
If I switch to using a non-root user, there are possibly some security
advantages (although the riskiness of running as root is fairly minimal as
MRTG doesn't bind to a socket, doesn't write temporary files in /tmp, etc),
but some patches will probably need to be applied if I do make the switch.
The disadvantages are that there'll be yet another user and group created
on systems that use MRTG and file permissiosn on existing MRTG setups will
have to be migrated.
Anyone got any thoughts on this? I don't want to go through the whole
process of switching to a non-root user if it isn't really necessary.
Michael-John Turner | http://www.edr.uct.ac.za/~mj/
firstname.lastname@example.org | Open Source in WC ZA - http://www.clug.org.za/
email@example.com | GPG/PGP key via mail, WWW or finger @phantom