Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[cmd/opampsupervisor] Specify requirements for privilege dropping #24299

Open
evan-bradley opened this issue Jul 17, 2023 · 0 comments
Open

[cmd/opampsupervisor] Specify requirements for privilege dropping #24299

evan-bradley opened this issue Jul 17, 2023 · 0 comments
Labels
cmd/opampsupervisor discussion needed Community discussion needed enhancement New feature or request never stale Issues marked with this label will be never staled and automatically removed

Comments

@evan-bradley
Copy link
Contributor

Component(s)

cmd/opampsupervisor

Is your feature request related to a problem? Please describe.

Update the Supervisor design document to describe how to run the Collector as another user, which will generally be a user with lesser permissions.

Describe the solution you'd like

The current draft for the Supervisor's config file specifies the following config to run the Collector as different user:

collector:
  # Optional user name to drop the privileges to when running the
  # Collector process.
  run_as: myuser

Open questions:

  1. Should this key be optional or required?
  2. What mechanism should be used to accomplish this?
    One idea is to use a default tool (su, sudo, etc.) and provide an option for users to specify their own tool/script to run the Collector.

Describe alternatives you've considered

No response

Additional context

See this comment chain on the Google Doc for more context on the discussion so far.
@evan-bradley evan-bradley added enhancement New feature or request never stale Issues marked with this label will be never staled and automatically removed cmd/opampsupervisor discussion needed Community discussion needed labels Jul 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
cmd/opampsupervisor discussion needed Community discussion needed enhancement New feature or request never stale Issues marked with this label will be never staled and automatically removed
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@evan-bradley