Hi,
I'm building my Icinga installation in user space and running it in the same :)
My problem is this code block: https://github.com/Icinga/icinga2/blob/master/icinga-app/icinga.cpp#L377-L381
When I install the complete Icinga installation in user space, the CLI needs no access to files that are not located in my user space. So the binary needs no root access.
Can we remove this block or make a build variable to deactivate the uid check?
Best,
Patric
I like the idea of checking actual permissions rather than uid as capabilities could also be removed from root.
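The idea in the comment above, testing whether the process can actually modify the directories it needs instead of comparing the uid to 0, as an added example that is not Icinga 2 source code and not written by any participant in this thread. The function names are hypothetical, and the directories to check are taken from the command line.

```cpp
// Added example, not Icinga 2 source code. Names are hypothetical.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>
#include <vector>
#include <fcntl.h>
#include <unistd.h>

struct AccessResult {
    bool ok;
    std::string failedPath;  // first directory that failed the check
    int err;                 // errno from the failed check, 0 on success
};

// Uid-based gate, the style of check the thread asks to relax.
bool IsRoot() { return getuid() == 0; }

// Permission-based gate: can the effective user add and remove entries in
// every directory the command is going to modify?
AccessResult CheckWritableDirs(const std::vector<std::string>& dirs) {
    for (const std::string& dir : dirs) {
        // W_OK|X_OK on a directory = may create/delete entries in it.
        // AT_EACCESS tests the effective ids, which file operations use.
        if (faccessat(AT_FDCWD, dir.c_str(), W_OK | X_OK, AT_EACCESS) != 0)
            return {false, dir, errno};
    }
    return {true, "", 0};
}

int main(int argc, char** argv) {
    // Directories to test come from the command line.
    std::vector<std::string> dirs(argv + 1, argv + argc);
    AccessResult r = CheckWritableDirs(dirs);
    if (!r.ok) {
        std::fprintf(stderr, "cannot modify %s: %s\n",
                     r.failedPath.c_str(), std::strerror(r.err));
        return EXIT_FAILURE;
    }
    std::printf("uid=%ld root=%d: all %zu directories are writable\n",
                (long)getuid(), IsRoot() ? 1 : 0, dirs.size());
    return EXIT_SUCCESS;
}
```

The check is advisory: the file operation that follows must still handle EACCES, since permissions can change between the check and the use.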
My actual solution is to set the uid with fakeroot, but I think it is not the best way, because the binary needs no root permissions.
@CobbleCity another solution is to modify the source code from the extracted code directory by:
sed -i s/"getuid() != 0"/"getuid() == 0"/g icinga-app/icinga.cpp
sed -i s/"must be run as root"/"must NOT be run as root"/g icinga-app/icinga.cpp
So you shouldn't need the fakeroot.
@kobmaki patches by myself are a workaround, but not a solution :)
The question is why does it need root in the first place? In my setups (99.99% automated) icinga2 always runs as an unprivileged user. This "enable feature" feature is just about manipulations with files (isn't it?), icinga2's home directory always has proper owner and permissions. I ended up with fakeroot.
All this situation with root does not look sane.
ref/NC/603163
Please could anyone describe a real-world example of how does Icinga 2 run in a production setup w/o root?
https://github.com/ip1981/nixsap/blob/f030c9a9d1dad41e84e034ff4b8c6ee75d5bf3fe/modules/apps/icinga2.nix#L263 :)
Had to do with packaging, Docker, Puppet, ... but what the heck is that?
If this is something like packaging, then it's for none of the officially supported OSes – so please stick with fakeroot (in this case).
... or include a custom patch in your packager repo.
I will deal with this in a customer project which is tbd.