summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDanijel Tasov <m@rbfh.de>2023-09-23 16:18:08 +0200
committerDanijel Tasov <m@rbfh.de>2023-09-23 16:18:08 +0200
commit8272d73e579739cccbfce61f7401cd5f8b9fd0e0 (patch)
tree42a06d16036835a81c63dbcdf71da0d8155dc4db
parentf5c5a7438fa34f2ee2c0b9914806f9a26b56ba59 (diff)
downloadmonitoring-plugins-8272d73e579739cccbfce61f7401cd5f8b9fd0e0.tar.gz
remove root check
We can perfectly do icmp without root by using capabalities. So, instead of doing unsufficient checks beforehand, we just try and fail if it doesn't work. Signed-off-by: Danijel Tasov <m@rbfh.de>
-rw-r--r--lib/utils_base.c13
-rw-r--r--plugins-root/check_icmp.c3
2 files changed, 0 insertions, 16 deletions
diff --git a/lib/utils_base.c b/lib/utils_base.c
index 8a03d098..3822bcf1 100644
--- a/lib/utils_base.c
+++ b/lib/utils_base.c
@@ -300,19 +300,6 @@ char *np_escaped_string (const char *string) {
300 300
301int np_check_if_root(void) { return (geteuid() == 0); } 301int np_check_if_root(void) { return (geteuid() == 0); }
302 302
303int np_warn_if_not_root(void) {
304 int status = np_check_if_root();
305 if(!status) {
306 printf(_("Warning: "));
307 printf(_("This plugin must be either run as root or setuid root.\n"));
308 printf(_("To run as root, you can use a tool like sudo.\n"));
309 printf(_("To set the setuid permissions, use the command:\n"));
310 /* XXX could we use something like progname? */
311 printf("\tchmod u+s yourpluginfile\n");
312 }
313 return status;
314}
315
316/* 303/*
317 * Extract the value from key/value pairs, or return NULL. The value returned 304 * Extract the value from key/value pairs, or return NULL. The value returned
318 * can be free()ed. 305 * can be free()ed.
diff --git a/plugins-root/check_icmp.c b/plugins-root/check_icmp.c
index 2ad644ec..a7fad36a 100644
--- a/plugins-root/check_icmp.c
+++ b/plugins-root/check_icmp.c
@@ -417,9 +417,6 @@ main(int argc, char **argv)
417 bindtextdomain (PACKAGE, LOCALEDIR); 417 bindtextdomain (PACKAGE, LOCALEDIR);
418 textdomain (PACKAGE); 418 textdomain (PACKAGE);
419 419
420 /* print a helpful error message if geteuid != 0 */
421 np_warn_if_not_root();
422
423 /* we only need to be setsuid when we get the sockets, so do 420 /* we only need to be setsuid when we get the sockets, so do
424 * that before pointer magic (esp. on network data) */ 421 * that before pointer magic (esp. on network data) */
425 icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0; 422 icmp_sockerrno = udp_sockerrno = tcp_sockerrno = sockets = 0;