[lttng-dev] lttng, lttng-sessiond and the tracing group

Thibault, Daniel Daniel.Thibault at drdc-rddc.gc.ca
Fri Feb 8 17:02:05 EST 2013


-----Original Message-----
Message: 3
Date: Wed, 6 Feb 2013 18:27:24 +0000
Subject: Re: [lttng-dev] lttng, lttng-sessiond and the tracing group

>   This may very well be an "Ubuntism".  All flavours of Ubuntu use a locked
> root and force all users to systematically use sudo; the su command won't
> go anywhere because there is no root password.  [...] The short and sweet
> of it is that (nearly) all super-user operations under Ubuntu will be conducted
> by a user (with sudo privileges), not by the root account.  Hence the
> shenanigans I ran into.  It sounds like LTTng will have to adjust the way it
> allocates the root .lttngrc path under Ubuntu systems, so that it uses
> /root/.lttngrc instead of ~/.lttngrc
------------------------------

   Follow up:

   Turns out the collision between the root and local daemon copies of .lttngrc can be avoided by prefixing 
the lttng commands with 'sudo -H' for a default Ubuntu configuration.  Other sudo configurations may be
susceptible to this problem as well, because the value of the HOME environment variable when invoking
sudo is decided by the sudo security policy.

   The problem is that sysadmins can set the root HOME to an arbitrary value for whatever reason, so 
lttng-sessiond should not force its HOME to 'root': that would be bad form.  Instead, since the daemons are
communicating with each other, there could be a bit of negotiation.  In a nutshell, the root daemon would
veto the launch of a user lttng-sessiond if the latter's HOME matched its own.  Similarly, if the root lttng-sessiond,
upon launching, discovered a user lttng-sessiond with a coinciding HOME, it could either refuse to launch itself or
pre-empt the user lttng-sessiond (i.e., shut it down).  Either way the user(s) would get an appropriate error
message.

   The case where multiple users are assigned a single HOME by the sysadmin would be handled similarly.

   On the other hand, maybe a simpler solution would be to have the .lttngrc file's name be suffixed to avoid any
collisions.  The root daemon's .lttngrc would become .lttngrc-root, etc.  I don't think there would be a need to decorate
the 'lttng-traces' folder's name, since the contained traces are already "collision-proofed" by their timestamp suffixes.

   Does this make sense?

Daniel U. Thibault
R & D pour la défense Canada - Valcartier (RDDC Valcartier) / Defence R&D Canada - Valcartier (DRDC Valcartier)
Cyber sécurité pour les missions essentielles (CME) / Mission Critical Cyber Security (MCCS)
Protection des systèmes et contremesures (PSC) / Systems Protection & Countermeasures (SPC)
2459 route de la Bravoure
Québec, QC  G3J 1X5
CANADA
Vox : (418) 844-4000 x4245
Fax : (418) 844-4538
NAC : 918V QSDJ <http://www.travelgis.com/map.asp?addr=918V%20QSDJ>
Gouvernement du Canada / Government of Canada
<http://www.valcartier.drdc-rddc.gc.ca/>
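
The HOME mismatch described in the follow-up above can be checked before an lttng command is run under sudo. The script below is an added example, not code from the post or from LTTng; the function names and the sample passwd entries are constructed, and it assumes accounts are listed in a passwd-format file.

```shell
#!/bin/sh
# Added example (not LTTng code): flag a HOME that does not belong to the
# effective account, or that is shared with other accounts.

# passwd_home UID PASSWD_FILE: print the home directory recorded for UID.
passwd_home() {
    awk -F: -v uid="$1" '$3 == uid { print $6; exit }' "$2"
}

# home_matches_account UID HOME_VALUE PASSWD_FILE
# Returns 0 if HOME_VALUE is the account's own home, 1 otherwise (or if unknown).
home_matches_account() {
    expected=$(passwd_home "$1" "$3")
    [ -n "$expected" ] && [ "$2" = "$expected" ]
}

# users_sharing_home UID HOME_VALUE PASSWD_FILE: other accounts with that home.
users_sharing_home() {
    awk -F: -v uid="$1" -v home="$2" '$3 != uid && $6 == home { print $1 }' "$3"
}

# Constructed sample data: root, one ordinary user, two users sharing a HOME.
sample_passwd() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
bob:x:1001:1001:Bob:/home/shared:/bin/bash
carol:x:1002:1002:Carol:/home/shared:/bin/bash
EOF
    printf '%s\n' "$f"
}

report() {  # report UID HOME_VALUE PASSWD_FILE
    if home_matches_account "$1" "$2" "$3"; then
        echo "uid $1 HOME=$2: matches account"
    else
        echo "uid $1 HOME=$2: mismatch, account home is $(passwd_home "$1" "$3")"
    fi
    sharing=$(users_sharing_home "$1" "$2" "$3")
    [ -z "$sharing" ] || echo "  .lttngrc here would be shared with: $sharing"
}

pw=$(sample_passwd)
report 0 /home/alice "$pw"      # root keeping the invoking user's HOME (no -H)
report 0 /root "$pw"            # root with HOME reset, as with 'sudo -H'
report 1001 /home/shared "$pw"  # several users assigned a single HOME
rm -f "$pw"
```

On a live system the same check is `home_matches_account "$(id -u)" "$HOME" /etc/passwd`, run under the sudo invocation being evaluated.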


