dtrace discuss - Jan 2009 - Impossible to use dtrace with PHP as non-root user

I cced it to the dtrace discuss group:

I tried to use dtrace for my PHP scripts as normal user (no root, no pfexec). It
seems that Netbeans IDE does not support to run pfexec beforce dtrace.
I changed my user permissions:
saf::::type=normal;defaultpriv=basic,dtrace_proc,dtrace_user,dtrace_kernel;pr
ofiles=Primary Administrator;roles=root

However:
saf at amelie:~$ dtrace -l | grep php
saf at amelie:~$ pfexec dtrace -l | grep php
1704 php10219 dtrace.so php_dtrace_execute function-entry
1705 php10219 dtrace.so php_dtrace_execute_internal function-entry
1706 php10219 dtrace.so php_dtrace_execute function-return
...

When I trace my PHP scripts without pfexec, I get no results.
When I use pfexec (dtrace as root), than it works perfectly.
What should I do that I can run it as non-root user?
I would like at least to use it directly in the IDE Netbeans.
-- 
This message posted from opensolaris.org

As workaround I did the following as root user:
chmod +s /usr/sbin/dtrace
chmod +s /usr/sbin/amd64/dtrace

Now I can use the Dtrace for PHP directly in Netbeans as normal user.
-- 
This message posted from opensolaris.org

I''ve got the following in my /etc/user_attr file and can run DTrace
& Chime through Sun Studio/Netbeans no problems:

=== /etc/user_attr ==#####::::auths=solaris.*;profiles=Primary
Administrator;roles=root;defaultpriv=basic,dtrace_user,dtrace_proc,dtrace_kernel,proc_owner
=== END ==
The only one missing from your "defaultpriv" list is
''proc_owner''.  I''ve not DTraced any PHP stuff (yet)
but it works for everything else.  You logged out and back in again after making
the changes right?

IIRC I followed the instructions here:
http://www.netbeans.org/kb/docs/ide/NetBeans_DTrace_GUI_Plugin_0_4.html

Hope it helps.

    Steve
-- 
This message posted from opensolaris.org

The DTrace GUI works fine with Php. I just tested the DTrace GUI with the JMaki
Php sample programs. Below is the output of the php_cpudist.d script which is
generated within the DTrace GUI environment:

Exclusive function on-CPU times (us),
   Jmaki.php, func, strlen 
           value  ------------- Distribution ------------- count    
              -1 |                                         0        
               0 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 1        
               1 |                                         0        

   XmlHttpProxy.php, func, strlen 
           value  ------------- Distribution ------------- count    
              -1 |                                         0        
               0 |@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ 1        
               1 |                                         0        


This is how my dtrace privileges are set in the /etc/user_attr file on my
OpenSolaris system:

nassern::::profiles=Primary
Administrator;roles=root;defaultpriv=basic,dtrace_user,dtrace_proc,dtrace_kernel,proc_owner

These privileges take effect when you log in to the system.

__Nasser
-- 
This message posted from opensolaris.org

On Tue, Jan 13, 2009 at 03:02:25PM -0800, Robert Bauer
wrote:
> As workaround I did the following as root user:
> chmod +s /usr/sbin/dtrace
> chmod +s /usr/sbin/amd64/dtrace
> 
> Now I can use the Dtrace for PHP directly in Netbeans as normal user.
Adding setuid is a Bad Idea (TM).  Let''s just hope your regular users
don''t
discover:

	#!/usr/sbin/dtrace -ws

	/* d00d - I can panic the box */

	:::BEGIN
	{
		panic();
	}

I suggest using the profile change suggested later.

Dan

Gnome does no more start if dtrace has setuid bit.
-- 
This message posted from opensolaris.org

> The only one missing from your "defaultpriv" list is
> ''proc_owner''.  I''ve not DTraced any PHP stuff
(yet)
> but it works for everything else.  You logged out and
> back in again after making the changes right?
You are right. I just added proc_owner to the /etc/user_attr file, and now it
works perfectly as user and too in Netbeans IDE.
Thanks.
-- 
This message posted from opensolaris.org