This is for changing root access to unpriviledged user in Unnoc 1.0.10.1 2007-04-19 http://unnoc.org This file explains how to convert Unnoc from using the "root" user to an unprivileged user. 1. First, you must install Net::Ping::External. 2. Change ownership of the /webroot directory 3. Change the /etc/crontab entry 4. Side-effects First, please note that the elapsed time returned from Net::Ping is a bit more accurate than timing Net::Ping::External yourself (because Net::Ping::External doesnt offer a means of time returned). This means that if you convert from root to a nonprivileged user, then your ping times will be slightly higher (not as accurate as if you were to manually ping from a command line). For some, this is a fair trade off if they cannot run Unnoc as root. 1. Install Net::Ping::External If it is not installed, install it. To quickly check if it is installed, you can run the module checker in the unnoc release directory: ./perl-module-checker.pl It will tell you if Net::Ping::External is installed, if it's not installed, then you should install it Debian: apt-get install libnet-ping-external-perl RPM Other Distro/OS: Consult your distro for your RPM or DPKG package. CPAN method: perl -MCPAN -e shell cpan> install Net::Ping::External Manual download method Download from: http://search.cpan.org/CPAN/authors/id/C/CO/COLINM/Net-Ping-External-0.10.tar.gz Untar, compile and install: tar xzf Net-Ping-External-0.10.tar.gz cd Net-Ping-External perl -f Makefile.PL make make install 2. Change the user from "root" to the dedicated "unnoc" user First, create the user # useradd unnoc For the remainder of this document, I will refer to the unnoc user and group as username "unnoc" group "unnoc" The only thing required is to change the permissions on the /location/unnoc directory, not including the PNG files. If the PNG files get replaced, then the apache user will not be able to write the files, so all of your graphs will not be updated. I've written a script do this, syntax is: update-perms.pl /location/unnoc user group So, in this instance, with username "unnoc" group "unnoc", issue the following command (as root): # upgrade/update-perms.pl /var/www/unnoc unnoc unnoc You are done. --------------------------------- If you prefer the manual way, this is all that is required: First, we remove all the *.png files from the rrd/ directory, because they are owned as the apache user. Then we'll change the permissions on all files and directories, then we're done These instructions assume a UID of "unnoc" and a GID of "unnoc" These instructions assume that unnoc is in "/var/www/unnoc" cd /var/www/unnoc find rrd/ -type "*.png" | xargs rm -f chown . -R unnoc:unnoc 3. Daemon / Crontab If you are using crontab method, simply rename the user in the crontab: * * * * * unnoc /var/www/unnoc/bin/unnoc-cron.pl If you are using the daemon mode, set the daemon_user and daemon_group users in the unnoc.conf file: daemon_user = unnoc dameon_group = unnoc If the vars don't exist in the unnoc.conf, simply add them. 4. Side effects One unfortunate side effect with using Net::Ping::External is that it does not pull the ping times from the system ping utility, but instead it is actually doing its own timing internally using Time::Hires. As this will give you a low ping time (generally in the millisecond range), it does not count for the shell load, and the load of ping into memory, which can be extremely fast, but your ping times might be off by anywhere from 10ms - 400ms. If you do not care about this, then you can keep running in unprivileged mode. If accurate ping times are important, then run unnoc as root. This will use Net::Ping which has a much more efficient means. vim:tw=72:wm=1