- Subject: Re: Running Lua as root
- From: Sean Conner <sean@...>
- Date: Tue, 8 Oct 2013 00:36:53 -0400
It was thus said that the Great Rena once stated:
>
> I hadn't thought about dropping root after opening files, but I'm not sure
> it'll work for this case. Every time I want to get up to date stats from
> some of the files in /proc I need to open them again - every time I open
> them I get a snapshot of the contents. Additionally to collect stats like
> the top hogs of CPU/memory, the only way I know is to check certain files
> under /proc/$PID/ for every PID, and some of them are only readable by root
> or the process they belong to (e.g. /proc/$PID/io which has stats on I/O
> operations). So a program that monitors this information has to keep root
> privileges as long as it runs.

Well, how paranoid do you want to be? Me, in this case, I wouldn't worry
too much about it---just make the program setuid root, and have it *just*
read the file(s) in question and dump the stats. You might be fine with
that.

I do have a daemon I wrote [1], that's expected to be run as root, that
hands out sockets to restricted ports (less than 1024) to non-root processes
that can be modified to handle files (in fact, an earlier version did just
that, and that feature could be added back in), but

1) it's Lua 5.1 only
2) it's Linux only
3) it requires some additional modules be installed [2]

but it allows some pretty fine grained control (based on uid, gid,
executable name).

-spc

[1] https://github.com/spc476/ipacld
[2] https://github.com/spc476/lua-conmanorg