Big doubt on User ID to be used for installation

  • Bharathu
    Member
    • Dec 2005
    • 56

    #1

    Big doubt on User ID to be used for installation

    Hi Guys,

    I have an elementary doubt regarding which user ID we must use for the entire zabbix installation. As per the manual, to install the zabbix server/agent we have to install it under an unprivileged Zabbix account. Here are my 2 elementary questions...

    1) Should we install GCC, apache, php with GD, mysql with a single user ID (zabbix userID) that we used for zabbix server installation?

    2) Is it necessary for MySQL to work under root user alone?

    Can anyone give some thoughts on this? Previously I installed all under root as it was for my own internal purpose, so security problems were not an issue.

    Anyone's help and insight will be of great help as I am still not sure whether installing various things with various userIDs will work or not.
  • James Wells
    Senior Member
    • Jun 2005
    • 664

    #2
    Greetings,
    Originally posted by Bharathu
    Should we install GCC, apache, php with GD, mysql with a single user ID (zabbix userID) that we used for zabbix server installation?
    This is somewhat of a trick question. Yes, if you really really wanted to you could make it work this way, but frankly it is neither necessary, nor is it recommended. GCC does not daemonize, nor does it change user; as such, it could be safely run as root, dev, or bozo the clown. Apache does daemonize, but before it does so, it changes user to the user you have configured in the httpd.conf file. Please note that unless you plan to use non-standard ports, Apache does need to be started as root so that it can open the listeners. The Zabbix server also opens a few ports, then changes user to the hardcoded user for Zabbix, then daemonizes.

    My personal recommendation, after working in the security field for a very very long time, is to learn how these applications work, then use industry standards. Apache runs as either nobody or apache, MySQL runs as either nobody or mysql, zabbix runs as either nobody or zabbix.
    Unofficial Zabbix Developer
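
Added example (not part of the thread and not Zabbix project code): a check, run over a process listing, that each daemon ended up under the accounts named in the post above, while accepting the one Apache parent process that stays root to hold the listeners. The process names, the `ps -eo user,pid,ppid,comm` column layout and the sample listing are assumptions constructed for illustration.

```python
"""Audit a process listing for service daemons that did not drop root."""

# Accounts come from the post above; process names are assumed.
EXPECTED = {
    "httpd": {"apache", "nobody"},
    "mysqld": {"mysql", "nobody"},
    "zabbix_server": {"zabbix", "nobody"},
    "zabbix_agentd": {"zabbix", "nobody"},
}
# Daemons whose top-level parent stays root to keep privileged listeners.
ROOT_PARENT_OK = {"httpd"}

# Constructed sample in the layout of `ps -eo user,pid,ppid,comm`.
SAMPLE_PS = """\
USER PID PPID COMMAND
root 1 0 init
root 410 1 httpd
apache 411 410 httpd
root 413 410 httpd
mysql 520 1 mysqld
root 630 1 zabbix_server
zabbix 700 1 zabbix_agentd
zabbix 701 700 zabbix_agentd
"""

def parse_ps(text):
    """Return {pid: (user, ppid, command basename)}, skipping the header."""
    rows = {}
    for line in text.splitlines()[1:]:
        fields = line.split(None, 3)
        if len(fields) != 4:
            continue  # ignore blank or truncated lines
        user, pid, ppid, comm = fields
        rows[int(pid)] = (user, int(ppid), comm.strip().rsplit("/", 1)[-1])
    return rows

def audit(text):
    """List (pid, command, user) for daemons under an unexpected account."""
    procs = parse_ps(text)
    findings = []
    for pid, (user, ppid, comm) in sorted(procs.items()):
        allowed = EXPECTED.get(comm)
        if allowed is None or user in allowed:
            continue
        parent = procs.get(ppid)
        is_master = parent is None or parent[2] != comm
        if user == "root" and comm in ROOT_PARENT_OK and is_master:
            continue  # root parent of a daemon that drops in its children
        findings.append((pid, comm, user))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PS):
        print(finding)
```

On the sample, the root-owned Apache worker (a root `httpd` whose parent is also `httpd`) and the root-owned `zabbix_server` are reported; the root Apache parent is not.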


    • condor
      Junior Member
      • Mar 2007
      • 7

      #3
      Zabbix Build

      I have my server fully loaded for php / apache / tomcat / jakarta etc.

      I built the zabbix database using the MySQL GUI Administrator program, and built the user zabbix with a password, then gave it rights to access database zabbix on localhost only. (There is an add hosts on right click of the user.) Then I gave zabbix complete rights to its own database.

      Then I logged onto mysql from the shell as zabbix to test if I could get to the database. Once I could do that I used slash-dot to run the zabbix database scripts. The ones that were not happy (there were a couple that line wrapped or something) I ran in the MySQL Admin GUI Query tool. All was well.

      Then I built the unix user zabbix, installed fping and gave that account rights to it, and completed the install.

      Also, seems to me there was a post I read earlier today that zabbix drops into using the zabbix account once activated, so does not continue to be run as root.

      I think at some point I put in the latest release of GD2 as well.


      • Bharathu
        Member
        • Dec 2005
        • 56

        #4
        still confused!!

        Greetings to all,

        I am still confused as I did not understand much from the earlier 2 posts. I am sorry for this as I am still a newbie in all this stuff. In my phase 1 efforts of setting up zabbix, I didn't want to mess up with user rights and stuff, so I installed everything with ROOT ID in my Solaris.

        James,

        Any idea what kind of "security risk" there will actually be if I run zabbix server and agent with ROOT ID?

        Another question: will it be fine if I install all the required modules (GCC, Apache, PHP & gd, MySql) with ROOT login & the zabbix server/agent alone with the unprivileged Zabbix ID?


        Thanks once again for your offer to help me, guys...


        • Bharathu
          Member
          • Dec 2005
          • 56

          #5
          quick fix needed

          Hi All,

          Is it enough if I install all the supporting software (apache, php, mysql, gcc, etc.) in ROOT and then just install my zabbix server and/or agent in the unprivileged zabbix account?

          Will there be any access rights problems? Can anyone throw some light on this?


          • Bharathu
            Member
            • Dec 2005
            • 56

            #6
            Originally posted by Bharathu
            Is it enough if I install all the supporting software (apache, php, mysql, gcc, etc.) in ROOT and then just install my zabbix server and/or agent in the unprivileged zabbix account?

            Will there be any access rights problems? Can anyone throw some light on this?

            Can anyone give me some clarity on the above scenario? Thanks!!
