process-exporter icon indicating copy to clipboard operation
process-exporter copied to clipboard

Published 20 hours ago verified publisher icon ncabatoff

Running as non-root user extremely limited

Open RobotLimeLtd opened this issue 4 years ago • 2 comments

When I run process-exporter as a non-root user, it only lists processes launched by that user.

At the command-line as a non-root user, I can run ps -ef or top and see all processes on the server. Granted, certain info like “io” or “environ” are visible only to the process owner, but I would be willing to sacrifice those to stay within my company’s security preferences (i.e. “principle of least privilege”).

Is there a way to run this as a non-root user but show as much as that user would be able to see via top?

RobotLimeLtd avatar Apr 09 '20 16:04 RobotLimeLtd

Hi @RobotLimeLtd,

I do not see that behaviour on the machines I run on. Can you try something like

./process-exporter -once-to-stdout-delay=1s -config.path=packaging/conf/all.yaml -debug

and see if that gives any clues?

ncabatoff avatar Oct 17 '21 13:10 ncabatoff

hi, Same here(On CentOS 7) but solved with : setcap cap_sys_ptrace,cap_dac_read_search=+ep /path/to/process_exporter_binary

acdmail avatar May 15 '22 16:05 acdmail