Created attachment 205018 [details]
updated pkg-plist with plugin setuid
The Netdata install script runs chmod 4750 on plugins that require root privileges.
I have updated pkg-plist to apply the same permissions.
I have tested FreeIPMI functionality working out-of-the box with the updated pkg-plist.
For reference, see Netdata installation script:
I noticed that my patch actually doesn't work because the plugins are not owned by netdata. Therefore the 4750 permissions don't allow the daemon to access the plugins.
Changing to 4755, but it gives arbitrary users the ability to run the plugins as root, which strikes me as a security risk.
I am wondering if the correct way to handle this is to change the ownership to root:netdata and stick with the 4750 permissions.
It would be great if you could provide additional context and information to help this make progress
Q: What is the impact of the current state of the port, specifically not having those plugins setuid, or chmod'd as proposed? Is this a complete, partial, or specific failure mode?
Can you include all the ownership/chmod details of the relevant files/dirs in question, as an attachment
You may be correct that changing ownership/groups may also be required, so as not to allow arbitrary users to run plugins (per your comment 2)