search

tableflip / guvnor

A node process manager that isn't spanners all the way down
MIT License
430 stars 37 forks source link

Guvnor Logging To secure #57

Closed dinosaw closed 9 years ago

dinosaw commented 9 years ago

On my CentOS 6 server, in /var/log/secure, I'm seeing many many logs being made by guvnor and I'm a bit confused as to what is going on.

Mar 31 16:08:01 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:02 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:02 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:03 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:04 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:04 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:05 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:06 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:06 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:07 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:08 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:08 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:09 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:10 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:10 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:11 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH
Mar 31 16:08:12 host sudo:     root : TTY=unknown ; PWD=/var/run/guvnor ; USER=root ; COMMAND=/usr/bin/printenv PATH

As you can see, it seems to be attempting whatever it's trying to do at least once a second, sometimes twice. Do you have any ideas?

achingbrain commented 9 years ago

Every time an RPC method is invoked (e.g. by the cli or web monitor) the daemon attempts to obtain the details of the calling user, including their $PATH environmental variable and the groups they are a member of.

The only reliable way I've found of doing this is to use sudo as it simulates the user logging in, so sources the relevant profile files (e.g. ~/.bashrc, /etc/profile, etc) and sets their environment up as you'd expect.

The details aren't necessarily going to be used with every request so if obtaining this stuff becomes a bottleneck I suppose it could be deferred until it's actually needed.