[RFE] username authentication for pmdaproc #2089
Assignees
Labels
Comments
natoscott
added a commit
to natoscott/pcp
that referenced
this issue
Oct 21, 2024
Allows authenticated users to access the proc metric values, through the new /etc/pcp/proc/access.conf configuration file. Resolves issue performancecopilot#2089
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The proc metrics currently require UID-based authentication in order to allow fetch access - this is achieved using Unix-domain socket auto-authentication for most PCP tools, locally. However users also want to access proc metric values using the REST API, and this provides USERNAME based authentication attribute to pmdaproc (which it ignores currently).
A scheme similar to pmdabpftrace - where an allowed_list of usernames can be specified - would be one way to solve this (stitching this into the logic behind the -A option and have_access.
An alternative (or additional) scheme could see pmdaproc attempt to associate the USERNAME attribute with a local UID, and if successful allow access in the same way the Unix-domain socket authentication functions.
The text was updated successfully, but these errors were encountered: