become_a_nobody: call setgid and initgroups to update group list. #31

merged 1 commit into from Apr 20, 2012


None yet
3 participants

saaros commented Apr 2, 2012

Without this patch gmond is (usually) run just as a ganglia user in root group and all system services that need to be monitored must be accessible by ganglia:root. With the patch the ganglia user can be added to groups that provide access to the required resources. In any case running the gmond process with root's groups is usually not the desired behavior.

@ghost ghost assigned jbuchbinder Apr 12, 2012


dpocock commented Apr 20, 2012

This changes behavior of gmond in such a way that it may break things for existing users. Therefore, although it improves security, it should not be added to the 3.3 release series, or if it is in 3.3.x, it needs to be optional (controlled by a config parameter). It appears to be good for the 3.4 release series though, so it is accepted into master.

dpocock added a commit that referenced this pull request Apr 20, 2012

Merge pull request #31 from saaros/initgroups
become_a_nobody: call setgid and initgroups to update group list.

@dpocock dpocock merged commit b98de1e into ganglia:master Apr 20, 2012

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment