[lttng-dev] one sessiond for multiuser system

Thibault, Daniel Daniel.Thibault at drdc-rddc.gc.ca
Mon Aug 12 16:23:23 EDT 2013


-----Original Message-----
Sent: August 12, 2013 16:11

On Mon, Aug 12, 2013 at 9:23 AM, Thibault, Daniel <Daniel.Thibault at drdc-rddc.gc.ca> wrote:
> ----------------------------------------------------------------------
>    Actually, a non-root user can also access the root daemon if he has sudo privileges.
>
>    The root daemon will see the various user-space events, but it will 
> *not* list the user sessions: the various lttng-sessiond daemons do 
> not talk to each other.  (This may become possible with a later 
> version of lttng)
>
>    To funnel all tracing through the root daemon, make sure any user lttng-sessiond daemons are killed and only the root lttng-sessiond daemon is running, then either make your users members of the 'tracing' group, or systematically use 'sudo lttng ...' or 'sudo -H lttng ...' from the user shells.  The first form will put the trace outputs in each user's ~/lttng-traces, the second form will combine all trace outputs in /root/lttng-traces.  You may need to chmod the resulting folders and files if you want to later access them as non-root.

Keep in mind that in this scenario, setting up your traces as root (using sudo) will still not let users that are not part of the 'tracing' group trace their applications as no interactions with the session daemon are allowed; that includes application registration.

Getting around that would require that your users also launch the applications themselves as root (using sudo) which is an unnecessary security risk.

Jérémie Galarneau
EfficiOS Inc.
-----End of original message-----

   I'm not sure I understand what you're getting at when you say "setting up your traces as root (using sudo) will still not let users that are not part of the 'tracing' group trace their applications as no interactions with the session daemon are allowed; that includes application registration."  Users that are not part of the 'tracing' group need take no special action to get their apps traced: the root session daemon sees all user-spaces.

Daniel U. Thibault
Protection des systèmes et contremesures (PSC) | Systems Protection & Countermeasures (SPC)
Cyber sécurité pour les missions essentielles (CME) | Mission Critical Cyber Security (MCCS)
R & D pour la défense Canada - Valcartier (RDDC Valcartier) | Defence R&D Canada - Valcartier (DRDC Valcartier)
2459 route de la Bravoure
Québec QC  G3J 1X5
CANADA
Vox : (418) 844-4000 x4245
Fax : (418) 844-4538
NAC : 918V QSDJ <http://www.travelgis.com/map.asp?addr=918V%20QSDJ>
Gouvernement du Canada | Government of Canada
<http://www.valcartier.drdc-rddc.gc.ca/>
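
A pre-flight check for the single root daemon layout described in the quoted message, as an added example that is not part of the original thread or of the LTTng project: it reports any lttng-sessiond not owned by root and tests a user's membership in the 'tracing' group. The function names and the sample input are constructed for illustration; on a live system the inputs would come from `ps -e -o user= -o pid= -o comm=` and `getent group tracing`.

```shell
# Added example: audit helpers for the "one root lttng-sessiond" layout.

# Read "USER PID COMM" lines on stdin (as printed by
#   ps -e -o user= -o pid= -o comm=
# ) and print "user pid" for every lttng-sessiond not owned by root.
stray_sessionds() {
    awk '$3 == "lttng-sessiond" && $1 != "root" { print $1, $2 }'
}

# Succeed if a root-owned lttng-sessiond appears in the same listing.
root_sessiond_present() {
    awk '$3 == "lttng-sessiond" && $1 == "root" { found = 1 }
         END { exit !found }'
}

# in_tracing_group USER GROUP_LINE
# GROUP_LINE is one group(5) record (name:passwd:gid:member1,member2),
# e.g. from `getent group tracing`. Only supplementary members are listed
# there; a primary-group membership needs `id -Gn USER` instead.
in_tracing_group() {
    members=$(printf '%s\n' "$2" | cut -d: -f4)
    case ",$members," in
        *",$1,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Constructed sample input (not captured from a real host).
SAMPLE_PS='root      812 lttng-sessiond
alice    2301 lttng-sessiond
alice    2307 lttng-consumerd
bob      2410 bash'
SAMPLE_GROUP='tracing:x:1001:alice,carol'

audit_sample() {
    if printf '%s\n' "$SAMPLE_PS" | root_sessiond_present; then
        echo "root sessiond: running"
    else
        echo "root sessiond: MISSING"
    fi
    printf '%s\n' "$SAMPLE_PS" | stray_sessionds | while read -r u p; do
        echo "stray per-user sessiond: user=$u pid=$p"
    done
    for u in alice bob; do
        if in_tracing_group "$u" "$SAMPLE_GROUP"; then echo "$u: in tracing group"
        else echo "$u: not in tracing group"; fi
    done
}
audit_sample
```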


