[Pkg-nagios-devel] does it seem feasible to make the icinga/nagios packages users/groups configurable

[Christoph Anton Mitterer]

Hi Markus.

On Thu, 2012-06-21 at 15:26 +0200, Markus Frosch wrote:
> * a webserver with hosting is not the place for an Icinga/Nagios
>   installation if you have security concerns
Well that may be true,... but
- not all people have enough resource to distribute services on
different nodes
- having e.g. a nagios/icinga AND nrpe/irpe AND icinga-cgi AND
icinga-web on one node is not that uncommon... and even there security
would benefit from the privilege separation.
> 

> * your ideas might be good, but to complex to support and maintain
I haven't looked into debconf so far,... but I'd say from a technical
side, all that seems rather simple to me.
A problem may be if you really want to have multiple users/groups
reading/writing several files (as you need ACLs then).
But apart from that?
On a first glance I'd say it's just modifying some settings in the
respective config files and/or init-scripts and chown-ing some
files/dirs in the maintainer scripts.

> 
> * if you have special needs to a software installation the "default"
> Debian
>   package might not be you best choice, build your own package
>   (use ours as example)
Of course,... but I think more people could benefit from this.
> 
> 
> * a Debian package is designed to fit the needs of a majority of users
>   and provide a simple way of installing a software
Yeah of course, bus I think we also try to supply our users with a
maximum of security per default. And as said above, I don't think that
things would get much more complicated.
Especially not, if one simply uses the current handling as default.


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5677 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20120621/4696407b/attachment.bin>