Wednesday, August 31, 2022

net-snmpd: Change default socket permissions

If we want to move towards easier and safer integration of agentx
backends, I think it makes sense to let net-snmpd have the same default
permissions as base snmpd(8).

I choose for EXAMPLE.conf and not to change it in the code to surprise
the least amount of people (if any).

OK?

martijn@

Index: Makefile
===================================================================
RCS file: /cvs/ports/net/net-snmp/Makefile,v
retrieving revision 1.121
diff -u -p -r1.121 Makefile
--- Makefile 17 Jul 2022 09:03:22 -0000 1.121
+++ Makefile 31 Aug 2022 15:00:12 -0000
@@ -6,6 +6,7 @@ DISTNAME= net-snmp-$V
MULTI_PACKAGES= -main -tkmib
PKGNAME-main= net-snmp-$V
PKGNAME-tkmib= net-snmp-tkmib-$V
+REVISION-main= 0

# tkmib isn't flavoured
FULLPKGPATH-tkmib= net/net-snmp,-tkmib
Index: patches/patch-EXAMPLE_conf_def
===================================================================
RCS file: patches/patch-EXAMPLE_conf_def
diff -N patches/patch-EXAMPLE_conf_def
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ patches/patch-EXAMPLE_conf_def 31 Aug 2022 15:00:12 -0000
@@ -0,0 +1,14 @@
+$OpenBSD$
+
+Index: EXAMPLE.conf.def
+--- EXAMPLE.conf.def.orig
++++ EXAMPLE.conf.def
+@@ -188,6 +188,8 @@ linkUpDownNotifications yes
+ #
+ # Run as an AgentX master agent
+ master agentx
++ # Make AgentX master socket permissions identical to base snmpd
++ agentXPerms 660 755 root _agentx
+ # Listen for network connections (from localhost)
+ # rather than the default named socket /var/agentx/master
+ #agentXSocket tcp:localhost:705

No comments:

Post a Comment