> Le 12 avr. 2018 à 21:10, Stuart Henderson <stu@spacehopper.org> a écrit :
>
> On 2018-04-12, Joel Carnat <joel@carnat.net <mailto:joel@carnat.net>> wrote:
>> Hi,
>>
>> I want net-snmpd to run a script via the extend directive.
>> This script has to run a command using doas to get temporary root
>> permission.
>>
>> The script is run on snmpcmd call but the doas command returns:
>> doas: a tty is required
>>
>> Is there a way to run doas from net-snmpd ?
>> I already have doas running from collectd-exec without issues.
>>
>> Thanks.
>>
>> # More infos on configuration and commands
>>
>> # grep extend /etc/snmp/snmpd.conf
>> extend test /home/scripts/test.sh
>>
>> # grep snmpd /etc/doas.conf
>> permit nopass _snmpd as root
>
> Net-SNMP runs as _netsnmp, but you're giving nopass access to _snmpd
> (base snmpd's uid, which doesn't execute anything anyway).
Of course…
Using "permit nopass _netsnmp as root" makes it run as expected.
Thanks a lot!
No comments:
Post a Comment