24 Sep
2008
24 Sep
'08
9:33 p.m.
Hi,
I am using sipgrep to do sip traces on an openser/asterisk. I am find
this great for getting readable traces - previously ngrep was
difficult to read.
However, to use sipgrep, I need to be logged in as the linux root
user. I can change the PATH of an admin user so that they can have
access to the command but they cannot use it as they need to be root
in order to gain access to see the network traffic. Does anyone know
of a way to do this? Is it normal to have engineers continually log
in as root to take these traces - it seems awful dangerous? I know
you could log in as a non-prileged user and put in sudo sipgrep -f xxx
-t xxx, but not sure if people are actually doing this in production
systems, or have a workaround?
Thanks
Robert
24 Sep
24 Sep
9:40 p.m.
You could set the suid bit on the process so that it would effectively
run as root even if invoked by a nonroot user.
Otherwise, yes, it is pretty standard to have to run this stuff as root.
Robert McNaught wrote:
Hi,
I am using sipgrep to do sip traces on an openser/asterisk. I am find
this great for getting readable traces - previously ngrep was
difficult to read.
However, to use sipgrep, I need to be logged in as the linux root
user. I can change the PATH of an admin user so that they can have
access to the command but they cannot use it as they need to be root
in order to gain access to see the network traffic. Does anyone know
of a way to do this? Is it normal to have engineers continually log
in as root to take these traces - it seems awful dangerous? I know
you could log in as a non-prileged user and put in sudo sipgrep -f xxx
-t xxx, but not sure if people are actually doing this in production
systems, or have a workaround?
Thanks
Robert
_______________________________________________
Users mailing list
Users(a)lists.kamailio.org
http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
--
Alex Balashov
Evariste Systems
Web : http://www.evaristesys.com/
Tel : (+1) (678) 954-0670
Direct : (+1) (678) 954-0671
Mobile : (+1) (706) 338-8599
25 Sep
25 Sep
12:02 a.m.
El Miércoles, 24 de Septiembre de 2008, Alex Balashov escribió:
You could set the suid bit on the process so that it
would effectively
run as root even if invoked by a nonroot user.
Otherwise, yes, it is pretty standard to have to run this stuff as root.
IMHO is much secure to use "sudo". You can allow a user to run an specific
command (sipgrep) with root privileges without asking for him own password.
Search any example in the web.
--
Iñaki Baz Castillo
5903
days inactive
5903
days old
2 comments
3 participants
participants (3)
-
Alex Balashov -
Iñaki Baz Castillo -
Robert McNaught