@@ -32,12 +32,13 @@ Sample configs must not be used in the code.
The aggregator tool requires an access to the database (currently InlfuxDB). DB credentials are stored in a plain text file and accessible by anyone who has right to read configuration files. In order to prevent users from accessing DB credentials and job data that does not belong to them, the toolkit provides a setuid executable to run aggregator. In order to use this feature follow the instructions:
1. Configure aggregator to use setuid binary by setting `SECUSER=True` in `conf/config.py`.
2. Compile setuid binary: `cd setuid-runner; make`. It requires Python3 to be installed in the system.
3. You can move `setuid-runner/setuid-runner` and `setuid-runner/config.ini` anywhere where it is accessible by users
4. Set path to `data.py` in `config.ini`
5. Change the ownership of all files to `safeuser` and remove the access for anyone else: `chown -R safeuser aggregator && chmod -R go-rwx aggregator`
6. Set **setuid** bit of the `setuid-runner` binary and ownership accordingly: `chmod u+s,a+rx setuid-runner && chown safeuser setuid-runner`
7. Now in order to fetch the data call `setuid-runner` as you call `data.py`, for instance: `./setuid-runner -t text JOBID`