[Nagiosplug-devel] --with-nagios-user/group options

Ton Voon ton.voon at altinity.com
Sun Mar 25 16:22:54 CEST 2007

Previous message: [Nagiosplug-devel] --with-nagios-user/group options
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-1660953 ] check_disk.t - test 36 exiting non ok but should be ok
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 12 Mar 2007, at 20:40, Ethan Galstad wrote:

> Gavin Carr wrote:
>> On Sun, Mar 11, 2007 at 01:08:17AM +0000, Ton Voon wrote:
>>> The whole point about configure scripts is to make common cases work
>>> by selecting appropriate flags. So my current thinking is to do  
>>> this:
>>>
>>>   - if you leave out with-nagios-user/group, it will install with  
>>> the
>>> user that runs "make install". If user is root, then the setuid
>>> plugins will get installed in addition. This mimics coreutils,  
>>> apache
>>> and mysql's behaviour
>>>   - if you choose --with-nagios-user, then the normal plugins  
>>> will be
>>> given ownership of the executables
>>>   - if you choose --with-nagios-group, then the normal and root
>>> plugins will be given group ownership of the executables
>>>   - if you choose a new --without-world-permissions, then normal and
>>> root plugins will not have world read or execute permissions
>>
>> This all looks good to me.

I've committed a change for this now. I've also posted a blog entry  
about it at http://www.nagioscommunity.org/2007/03/25/installing-the- 
nagios-plugins/. I'll copy relevant portions over to http:// 
nagiosplugins.org too later.


>>> So you gain most security by running ./configure --with-nagios- 
>>> user=X
>>> --with-nagios-group=Y --without-world-permissions. Any other fine
>>> tuning of this would be left as an exercise to the user.
>>>
>>> The decision to install root plugins is made by whether you  
>>> decide to
>>> install as root.
>>
>> Do you mean 'install' or 'install setuid'? If the former, then non- 
>> root
>> packagers are still going to want a way of installing those  
>> plugins, so
>> we still will need a 'make install-root' or some such eh?
>>
>> I actually prefer the 'install setuid' option - always install  
>> everything,
>> and then make root plugins setuid if effective user is root. That  
>> does
>> the right thing in the direct-install case, and makes life easy for
>> packagers too.
>
> Both of these options sound good by me too.

Hopefully, the blog entry explains all the necessary bits. Let me  
know if I've missed anything or it doesn't work as expected.

I'll cut a 1.4.7 release on Tuesday if there's no adverse reactions.

Ton

http://www.altinity.com
T: +44 (0)870 787 9243
F: +44 (0)845 280 1725
Skype: tonvoon

Previous message: [Nagiosplug-devel] --with-nagios-user/group options
Next message: [Nagiosplug-devel] [ nagiosplug-Bugs-1660953 ] check_disk.t - test 36 exiting non ok but should be ok
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Devel mailing list