Skip to main content

Home/ Larvata/ Group items tagged sysadmin

Rss Feed Group items tagged

Filter: All | Bookmarks | Topics Simple Middle
張 旭

Running rootless Podman as a non-root user | Enable Sysadmin - 0 views

www.redhat.com/...rootless-podman-makes-sense

docker podman linux system

shared by 張 旭 on 04 Aug 20 - No Cached
  • By default, rootless Podman runs as root within the container.
  • the processes in the container have the default list of namespaced capabilities which allow the processes to act like root inside of the user namespace
  • the directory is owned by UID 26, but UID 26 is not mapped into the container and is not the same UID that Postgres runs with while in the container.
  • ...8 more annotations...
  • Podman launches a container inside of the user namespace, which is mapped with the range of UIDs defined for the user in /etc/subuid and /etc/subgid
  • The easy solution to this problem is to chown the html directory to match the UID that Postgresql runs with inside of the container.
  • use the podman unshare command, which drops you into the same user namespace that rootless Podman uses
  • This setup also means that the processes inside of the container are running as the user’s UID. If the container process escaped the container, the process would have full access to files in your home directory based on UID separation.
  • SELinux would still block the access, but I have heard that some people disable SELinux.
  • If you run the processes within the container as a different non-root UID, however, then those processes will run as that UID. If they escape the container, they would only have world access to content in your home directory.
  • run a podman unshare command, or set up the directories' group ownership as owned by your UID (root inside of the container).
  • running containers as non-root should always be your top priority for security reasons.
crazylion lee

Riemann - A network monitoring system - 0 views

riemann.io/index.html

monitoring dashboard sysadmin

shared by crazylion lee on 17 Apr 16 - No Cached
  • crazylion lee on 17 Apr 16
     
    "Riemann aggregates events from your servers and applications with a powerful stream processing language. Send an email for every exception in your app. Track the latency distribution of your web app. See the top processes on any host, by memory and CPU. Combine statistics from every Riak node in your cluster and forward to Graphite. Track user activity from second to second."
crazylion lee

Supervisor: A Process Control System - supervisor 3.1a1-dev documentation - 1 views

supervisord.org

monitoring sysadmin python linux unix supervisor

shared by crazylion lee on 13 Feb 14 - Cached
  • crazylion lee on 13 Feb 14
     
    Supervisor is a client/server system that allows its users to monitor and control a number of processes on UNIX-like operating systems. It shares some of the same goals of programs like launchd, daemontools, and runit. Unlike some of these programs, it is not meant to be run as a substitute for init as "process id 1". Instead it is meant to be used to control processes related to a project or a customer, and is meant to start like any other program at boot time.
crazylion lee

Fluentd | Open Source Data Collector - 0 views

www.fluentd.org

logging log sysadmin

shared by crazylion lee on 16 Nov 14 - No Cached
  • crazylion lee on 16 Nov 14
     
    Fluentd is an open source data collector for unified logging layer. Fluentd allows you to unify data collection and consumption for a better use and understanding of data.
crazylion lee

Sysdig | Home - 0 views

www.sysdig.org

linux sysadmin strace debug bug

shared by crazylion lee on 17 Nov 14 - No Cached
  • crazylion lee on 17 Nov 14
     
    A New System Troubleshooting Tool Built for the Way You Work
crazylion lee

4 system monitoring tools for Linux | Opensource.com - 0 views

opensource.com/...source-tools-system-monitoring

linux monitoring sysadmin top

shared by crazylion lee on 01 Mar 16 - No Cached
  • crazylion lee on 01 Mar 16
     
    "4 open source tools for Linux system monitoring"
crazylion lee

p-e-w/maybe: :rabbit2: See what a program does before deciding whether you really want ... - 0 views

github.com/maybe

python Linux sysadmin

shared by crazylion lee on 19 Mar 16 - No Cached
  • crazylion lee on 19 Mar 16
     
    "See what a program does before deciding whether you really want it to happen."
crazylion lee

Bcfg2 - 0 views

bcfg2.org

sysadmin server system

shared by crazylion lee on 08 Oct 16 - No Cached
  • crazylion lee on 08 Oct 16
     
    "Bcfg2 helps system administrators produce a consistent, reproducible, and verifiable description of their environment, and offers visualization and reporting tools to aid in day-to-day administrative tasks. It is the fifth generation of configuration management tools developed in the Mathematics and Computer Science Division of Argonne National Laboratory. "
crazylion lee

GitHub - etsy/statsd: Daemon for easy but powerful stats aggregation - 0 views

github.com/statsd

node.js aggregation stats daemon sysadmin

shared by crazylion lee on 21 Apr 17 - No Cached
  • crazylion lee on 21 Apr 17
     
    "Daemon for easy but powerful stats aggregation"
1 - 12 of 12
Showing 20 items per page