draios / sysdig

Linux system exploration and troubleshooting tool with first class support for containers
http://www.sysdig.com/

Non-root access #89

Closed niclashoyer closed 10 years ago

niclashoyer commented 10 years ago

Is it possible to run sysdig as a non-root user? Maybe grant everyone in the sysdig group access?

If not, why? Maybe this should be added to the documentation.

timzimmermann commented 10 years ago

That's possible with sudo. Use visudo to edit the sudo-config. Add the line %sysdig ALL= path/to/sysdig and save (path is most likely /usr/local/bin/sysdig, note the space after =). Now the group sysdig is allowed to use the sudo command, but only for the specified binary.

gianlucaborello commented 10 years ago

As @timzimmermann said, sudo is the way to go.

If you were to do it manually without sudo, you would have to do a chgrp / chmod to /dev/sysdig* (passing the sysdig group), but libscap will still need to traverse the entire /proc file system to fetch the initial state of the processes in the system, so you will need to set some pretty large capabilities on the sysdig binary with setcap, so you might as well just run it as root wrapped under sudo.
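The sudo setup from the two comments above, as an added example that is not part of the original thread or the sysdig project. The rule gives every member of the group root for that one path, so the script first checks that the binary and each directory above it are root-owned and not group- or world-writable. The helper names, GNU `stat`/`readlink`, and an `/etc/sudoers.d` directory included by the main sudoers file are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes GNU stat/readlink and an
# /etc/sudoers.d directory that the main sudoers file includes.

# Succeeds if uid ($1) is root and octal mode ($2) has no group/other write bit.
mode_is_safe() {
  [ "$1" -eq 0 ] && [ $(( 0$2 & 022 )) -eq 0 ]
}

# Walk from an already-resolved path up to /, checking owner and mode each level.
path_is_safe() {
  p=$1
  while :; do
    st=$(stat -c '%u %a' "$p") || return 1
    # $st is split on purpose into "uid mode"
    mode_is_safe $st || { echo "unsafe owner/mode: $p" >&2; return 1; }
    [ "$p" = / ] && return 0
    p=$(dirname "$p")
  done
}

# Print the rule from the thread for group $1 and binary $2.
sudoers_rule() {
  case $2 in
    /*) ;;
    *) echo "path must be absolute: $2" >&2; return 1 ;;
  esac
  case $2 in
    *[!A-Za-z0-9_./-]*) echo "unexpected character in: $2" >&2; return 1 ;;
  esac
  printf '%%%s ALL= %s\n' "$1" "$2"
}

# Run as root: resolve symlinks, check the path, syntax-check, then install.
install_rule() {
  bin=$(readlink -f -- "$2") && path_is_safe "$bin" || return 1
  tmp=$(mktemp) || return 1
  sudoers_rule "$1" "$bin" > "$tmp" && visudo -cf "$tmp" &&
    install -m 0440 -o root -g root "$tmp" "/etc/sudoers.d/$1"
  rc=$?
  rm -f "$tmp"
  return "$rc"
}

# Example (as root): install_rule sysdig /usr/local/bin/sysdig
```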

gianlucaborello commented 10 years ago

So this should be OK. Please feel free to add a wiki page to document these steps, @timzimmermann, I'm sure it will be useful for other people!

timzimmermann commented 10 years ago

Done, feel free to improve it.

gianlucaborello commented 10 years ago

Thanks a lot for doing this!

I just added a few more technical details.