This is the mail archive of the systemtap@sourceware.org mailing list for the systemtap project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
On Mon, 4 Jun 2007, David Smith wrote:
One of the complaints we get from users is that we require root access (using sudo) to install/remove the kernel module. Large enterprise customers typically don't give out sudo access to all admins. So, they would like a way to designate certain scripts/modules as "blessed", and allow admins/developers/etc. without root access to run those "blessed" scripts/modules.
The easiest way to designate a certain script as "blessed" (and quite difficult to goof it up) is to let a trusted user take the source of the script, check it, make a kernel module, and install it into a designated directory on the target system (or systems), perhaps under "/lib/modules/$version".
If you are afraid of allowing "untrusted admins" run "sudo modprobe the_probe" (but not afraid of allowing to run your own setuid root program) you can create something like "sustaprun" that will make it possible to load blessed modules (from the designated directory) only.
-- David Smith dsmith@redhat.com Red Hat http://www.redhat.com 256.217.0141 (direct) 256.837.0057 (fax)
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |