This is a discussion on Question about NET-SNMP and what user context extend scripts run under within the SNMP Users forums, part of the Networking and Network Related category.

I've been reading through all the docs and man pages on NET-SNMP trying to find answers to the following questions. So far I cannot, so I apologize if my noob questions are answered in a FAQ somewhere.

First, let me outline what I want to do. I want to use NET-SNMP and its ability to execute external commands to help with monitoring MySQL. I want to do this so we can change our monitoring to be more distributed, instead of one central system executing queries against dozens and dozens of MySQL instances. We also want to do this so we can avoid including the passwords in our scripts, or opening up the security too much at the database end to a user that can connect remotely. We also don't want to have to push or pull large amounts of data across the LAN/WAN only to be sed/grep/awked by a shell script on the monitoring server. I would rather do all that on the system being monitored. I think this is pretty well understood as one of the big benefits of NET-SNMP, so I am probably preaching to the choir.

Anyway, the issue that I am having is trying to determine how to configure the user context that NET-SNMP will use to execute these scripts against the database. One of the things I want to accomplish is to not have any passwords visible through ps. The way MySQL accomplishes this is by including the login information in a .my.cnf file in the user home dir. This file is locked down (of course) and is only read/writable by that specific user. When a mysql command line tool is executed under that user context it reads the .my.cnf and uses the login information to connect to the database. No login or password is visible in the user history or in ps output. I also don't have to configure an account that can connect to the database from a remote host. The only way to access the database this way is to query mysql from the host it is running on as this specific user.

So, does anyone have a recommendation for a configuration like this? Should the snmpd daemon run as root or some other user? Is there a way to have certain commands (exec or extend) run under a different user context than the snmpd daemon does? Can I run multiple snmpd daemons, one as root and another as the mysql user? Am I missing something terribly obvious and being an idiot?

Thanks for any and all advice, it is very much appreciated.

-ec
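
An added example, not part of the original post: a wrapper that an `extend` entry could call, which refuses to use the `.my.cnf` described above unless it is a regular file owned by the calling user with no group or other permission bits. The script path, the `--run` flag and the `monitor` account are hypothetical, and it assumes the script runs as the account that owns the file.

```shell
#!/bin/sh
# Added example: wrapper for an snmpd "extend" entry. Paths and names are hypothetical.
# snmpd.conf (assumed):
#   extend mysql-status /usr/local/bin/mysql-status.sh --run /home/monitor/.my.cnf

# Return 0 only if $1 is a regular file (not a symlink), owned by the
# calling user, with no group/other permission bits set.
check_cred_file() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "refusing $f: not a regular file" >&2
        return 1
    fi
    # ls -ln: field 1 is the mode string, field 3 the numeric owner uid
    set -- $(ls -ln -- "$f")
    mode=$1
    owner=$3
    if [ "$owner" != "$(id -u)" ]; then
        echo "refusing $f: owned by uid $owner, running as uid $(id -u)" >&2
        return 2
    fi
    case $mode in
        -???------*) return 0 ;;  # e.g. -rw------- or -r--------
    esac
    echo "refusing $f: mode $mode grants access beyond the owner" >&2
    return 3
}

# Query the local server. The login comes from the file, never from argv,
# so no password appears in ps output.
mysql_status() {
    check_cred_file "$1" || return $?
    mysqladmin --defaults-extra-file="$1" status
}

# Only act when called as: mysql-status.sh --run /path/to/.my.cnf
if [ "${1:-}" = "--run" ]; then
    mysql_status "$2"
fi
```
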