Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 0.1
-
Fix Version/s: 0.1
-
Component/s: None
-
Labels:None
-
Environment:
all
-
Patch Info:Patch Available
Description
this patch allows non-root users to issue the following commands:
counters
name
version
alive
status
leaving 'stop' and 'reload' as root operations.
It also provides a basic help/usage
Activity
- All
- Comments
- Work Log
- History
- Activity
- Transitions
I don't think this patch really belongs in the codebase. This is only a client-side script that you're protecting. This isn't affecting who actually has any privileges to make this type of call into the server. There's no real reason why root should be required to run fb303 management scripts. You may have your network set up this way, but it's completely reasonable for people to run Thrift services in non-root environments and want to administer them as such.
So, this is a nice gatekeeper to block mistakes in some configurations, but an unnecessary limitation for non-root environments..
Hi Mark.
your mistaking the patch.
as-is ALL commands are being blocked for non-root users, so this is relaxing that, not restricting it.
I left the stop/reload commands as root-required as they could cause damage.
Ack, yes. You're right I read this totally backwards. This change is fine then. And I would support a further change to remove the root requirement altogether if other people working on non-root environments would find that useful. But I guess there's no rush until someone specifically needs that.
patch to allow non-root users to run commands