@anonfunc It is a pity that whether or not to create the user cannot be configured. It occurs to me that you could make another telegraf-static
package with the user creation (or turn this one back and create a telegraf-dynamic
).
Search Criteria
Package Details: telegraf 1.32.3-1
Package Actions
Git Clone URL: | https://aur.archlinux.org/telegraf.git (read-only, click to copy) |
---|---|
Package Base: | telegraf |
Description: | Plugin-driven server agent for reporting metrics into InfluxDB |
Upstream URL: | http://influxdb.org/ |
Keywords: | InfluxData influxdb |
Licenses: | MIT |
Submitter: | exz |
Maintainer: | ogarcia |
Last Packager: | ogarcia |
Votes: | 41 |
Popularity: | 0.112749 |
First Submitted: | 2015-09-02 18:05 (UTC) |
Last Updated: | 2024-11-20 07:55 (UTC) |
Dependencies (3)
- glibc (glibc-gitAUR, glibc-linux4AUR, glibc-eacAUR, glibc-eac-binAUR, glibc-eac-rocoAUR)
- git (git-gitAUR, git-glAUR) (make)
- go (go-gitAUR, gcc-go-gitAUR, go-sylixosAUR, gcc-go-snapshotAUR, gcc-go) (make)
Required by (0)
Sources (3)
ogarcia commented on 2023-11-22 12:36 (UTC)
anonfunc commented on 2023-11-21 22:03 (UTC)
@ogarcia That's correct (even if the official documentation does rely on sudo to make collectors like smart working). I think I just mention it here for completeness, maybe someone has run into the same problem. I already applied DynamicUser=No as overwrite on my machines.
ogarcia commented on 2023-11-21 09:13 (UTC)
@anonfunc I know, but in a default Telegraf setup you don't need elevated privileges and the idea is to make the package as simple as possible and leave as little trace as possible after uninstalling it.
However, if you are interested in not using a dynamic user, it is easy:
sudo useradd -r -d / -s /usr/bin/nologin telegraf
sudo systemctl edit telegraf.service
And in the edition add:
[Service]
DynamicUser=no
With this you have telegraf running with a real user and it is persistent to reboots and package updates.
anonfunc commented on 2023-11-20 23:27 (UTC) (edited on 2023-11-20 23:28 (UTC) by anonfunc)
Using DynamicUser
in the service file breaks using telegraf with sudo based privilege escalation, since it implies NoNewPrivileges=yes
and this cannot be disabled while DynamicUser is on. (see https://www.freedesktop.org/software/systemd/man/latest/systemd.exec.html#DynamicUser= for more)
ogarcia commented on 2021-05-23 10:29 (UTC)
@hashworks fixed (again). If this happens again I'll do that you said, attach the version to a fixed commit istead of tag.
hashworks commented on 2021-05-22 12:38 (UTC) (edited on 2021-05-22 12:38 (UTC) by hashworks)
Checksum fails with 1.18.3 again – if upstream keeps overwriting version tags you might want to pin the commit hash.
ogarcia commented on 2021-05-09 09:36 (UTC)
@nogweii sure? I get 19856eef5762c0740f3531d5c4d55e25d8a9de34278ee6e1dcef49dfd48942e1
nogweii commented on 2021-05-08 23:54 (UTC)
There seems to be another checksum failure, why would they keep rebuilding the binary over and over.
ogarcia commented on 2021-05-02 11:48 (UTC) (edited on 2021-05-02 11:49 (UTC) by ogarcia)
@jhass, fixed. Seems that the guys at InfluxData rebuild the source binary and changed the checksum.
jhass commented on 2021-05-02 09:48 (UTC)
Checksum fails for me with 1.18.2, I get 19856eef5762c0740f3531d5c4d55e25d8a9de34278ee6e1dcef49dfd48942e1
Pinned Comments