New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
HetrixTool run as root?
Advicerxyz
Member
in Help
Hey, i have used Hetrix for alot of my vps for checking usage of the server,
but i have 1 server under cloudlinux as per they say i need to run their agent under root, cause cloudlinux limiting it?
any risk for it? like leaked root info? unauthorized access? hacked server? or does it safe to run it under root and not under account?
Comments
Anything you're running as root risks exposing the system directly from the root level. Obviously that doesn't stop you from trusting a great deal of services from running as root, root obviously has a place in the OS. If you're asking if there are any known vulnerabilities on hetrixtools, there are none that have been made public at least.
yeah thats why i have unistall it from the cloudlinux server, cause it getting issue fetch the info with cloudlinux on the server
The agent is open source, and as you can see from its code it performs one wget post to our platform, every minute (last line of code):
https://github.com/hetrixtools/agent/blob/master/hetrixtools_agent.sh
The output from that wget is disposed immediately to /dev/null
The agent running on your server isn't fetching anything from our platform that would be ran on your server.
Say, even if our platform were to be compromised and the endpoint where your agent is posting data to would start returning data or commands, the agent is simply discarding that data.
The only reason the agent needs to run as root when on CloudLinux servers is because CloudLinux is jailing the hetrixtools user way too much for it to be able to collect system data from your server. And again, you can inspect the commands used by the agent to collect data from your server in the open source agent file, none of them pose any risk.
You should adapt on this option. If it's with CL -> leave root, if it's not -> go to user rights. You, as a programmer must listen to user concerns and address them if it's reasonable, doable and sane. And dropping to user privileges when there is no need for root is doable indeed.
So you're saying that instead of never having root in cases where it's not needed he should instead get root, decide he doesn't need it, and drop privs?
Yes, if there is a problem with setups like cloudlinux. Or just simply don't support cl setups at all.
Why is that better? Now the agent is getting root access when it's not necessary.
Uh... I much prefer the current option where it'll run as a user and then you have to manually set it to run as root if extra privs are needed.