-
Notifications
You must be signed in to change notification settings - Fork 573
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow to run cli without root #4947
Comments
👍 |
My actual solution is so set the uid with fakeroot, but i think it is not the best way, because the binary need no root permissions. |
@CobbleCity another solution is to modify the source code from the extracted code directory by: sed -i s/"getuid() != 0"/"getuid() == 0"/g icinga-app/icinga.cpp sed -i s/"must be run as root"/"must NOT be run as root"/g icinga-app/icinga.cpp So you shouldn't need the fakeroot. |
@kobmaki patches by myself are a workaround, but not a solution :) |
The question is why does it need root in the first place? I my setups (99.99% automated) icinga2 always runs as an unprivileged user. This "enable feature" feature is just about manipulations with files (isn't it?), icinga2's home directory always has proper owner and permissions. I ended up with All this situation with root does not look sane. |
ref/NC/603163 |
Please could anyone describe a real-world example of how does Icinga 2 run in a production setup w/o root? |
|
Had to do with packaging, Docker, Puppet, ... but what the heck is that? |
If this is something like packaging, then it's for none of the officially supported OSes – so please stick with fakeroot (in this case). |
... or include a custom patch in your packager repo. |
I will deal with this in a customer project which is tbd. |
This requires write permissions for - etc/features-* - etc/*.conf - var/{lib,cache}/icinga2/* Typically permissions are handled by prepare-dirs, or the respective CLI commands are run as root either way. fixes #4947
Hi,
i'm build my icinga installation in a userspace and run it in the same :)
My problem is this code blog: https://github.com/Icinga/icinga2/blob/master/icinga-app/icinga.cpp#L377-L381
When i install the complete icinga installation in the user space, the cli need no access to files there are not located in my user space. So, the binary needs no root access.
Can we remove this block or make a build variable to deactive the uid check?
Best,
Patric
The text was updated successfully, but these errors were encountered: