inside the sausage factory Adam Leventhal's Weblog
Adam Leventhal, Fishworks engineer

« old school Solaris... | Main | Linker alien spottin... »

Friday Jul 02, 2004

DTrace as non-root

fintanr's weblog has a nice entry on how to configure Solaris 10 to give privileges to individual users so they can run DTrace as non-root. By default, users require additional privileges to run DTrace because even providers that don't expose kernel state explicitly (like the syscall provider) can impact performance on the entire box. The privileges, what each permits and the implications are described in excruciating detail in the Solaris Dynamic Tracing Guide (Chapter 31 Security).

Posted at 06:48AM Jul 02, 2004 by ahl in DTrace | Comments[4] | Permalink

Comments:

Dtrace seems like it will be of major use. I am glad you guys kept security in mind. Will Solaris 10 come with certain "canned" dtrace scripts that will be of use to sysadmins 80% of the time? A good example of such a script is the top 10 i/o consumers script on Eric Schrock's blog (http://blogs.sun.com/eschrock). He mentions that you guys are working on a utility (not sure what he meant maybe it is same thing as pre canned scripts). I would prefer easy-to-modify scripts for easy customization better than having just precompiled utility. Many sysadmins are not programmers but they are adept at modifying or customizing scripts for their own use. Will there be the possibility for third parties to create GUI front ends that display or log system information using dtrace? It seems like there are many many probes a GUI will make things easier.

Posted by Unknown on July 07, 2004 at 02:02 AM PDT #

A GUI around dtrace... I can imagine the list, 36,000 items in the menu to choose from ;-)

Posted by smg on July 07, 2004 at 09:13 AM PDT #

Theres a bunch of scripts available on the big admin site, and links to a bunch more. What kind of scripts are you thinking about?

Posted by fintanr on July 07, 2004 at 09:41 AM PDT #

The Solaris Dynamic Tracing Guide is full of examples and all those (and probably some more) will be shipped with Solaris (probably in /usr/demo or something). Also, we're working on GUI front ends for DTrace, and, no, it won't look like a pull down menu with a bazillion probes to choose from. We're working on ways of using graphics to both present data in interesting ways and ease navigation from one question to the next. I promise there will be much more on this later.

Posted by Adam Leventhal on July 07, 2004 at 09:42 AM PDT #

Post a Comment:
Comments are closed for this entry.

Archives

« December 2009
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today

The DTrace Three

DTrace Links

Fishworks Engineering

Recent Posts

Other Blog Links

Today's Page Hits: 216