Hi,
I am using sipgrep to do sip traces on an openser/asterisk. I am find this great for getting readable traces - previously ngrep was difficult to read.
However, to use sipgrep, I need to be logged in as the linux root user. I can change the PATH of an admin user so that they can have access to the command but they cannot use it as they need to be root in order to gain access to see the network traffic. Does anyone know of a way to do this? Is it normal to have engineers continually log in as root to take these traces - it seems awful dangerous? I know you could log in as a non-prileged user and put in sudo sipgrep -f xxx -t xxx, but not sure if people are actually doing this in production systems, or have a workaround?
Thanks
Robert
You could set the suid bit on the process so that it would effectively run as root even if invoked by a nonroot user.
Otherwise, yes, it is pretty standard to have to run this stuff as root.
Robert McNaught wrote:
Hi,
I am using sipgrep to do sip traces on an openser/asterisk. I am find this great for getting readable traces - previously ngrep was difficult to read.
However, to use sipgrep, I need to be logged in as the linux root user. I can change the PATH of an admin user so that they can have access to the command but they cannot use it as they need to be root in order to gain access to see the network traffic. Does anyone know of a way to do this? Is it normal to have engineers continually log in as root to take these traces - it seems awful dangerous? I know you could log in as a non-prileged user and put in sudo sipgrep -f xxx -t xxx, but not sure if people are actually doing this in production systems, or have a workaround?
Thanks
Robert
Users mailing list Users@lists.kamailio.org http://lists.kamailio.org/cgi-bin/mailman/listinfo/users
El Miércoles, 24 de Septiembre de 2008, Alex Balashov escribió:
You could set the suid bit on the process so that it would effectively run as root even if invoked by a nonroot user.
Otherwise, yes, it is pretty standard to have to run this stuff as root.
IMHO is much secure to use "sudo". You can allow a user to run an specific command (sipgrep) with root privileges without asking for him own password. Search any example in the web.
-
Alex Balashov -
Iñaki Baz Castillo -
Robert McNaught