Warning: Could not get group entry for 'nagios' on FreeBSD

[Andreas Ericsson]

Matt Bostock wrote:
> *** I tried sending this to nagios-users but didn't get a response, I
> figured maybe it's more suitable in the dev mailing list, hope that's ok.***
> 
> Hi,
> 
> I'm trying to run Nagios inside a FreeBSD jail, but am getting this in
> nagios.log:
> 
> [1116603291] Nagios 2.0b3 starting... (PID=88484)
> [1116603291] LOG VERSION: 2.0
> [1116603336] Warning: Could not get group entry for 'nagios'
> [1116603336] Warning: Could not set effective GID=-1
> [1116603336] Failed to drop privileges.  Aborting.
> 
> After that, Nagios exits. The nagios user and group are definetly set
> up. Any suggestions would be very gratefully appreciated.
> 

Nagios has similar requirements to apache (or any daemon dropping 
privileges) inside a chroot jail. You'll need /etc/group and /etc/passwd 
inside the jail, in the default locations, as well as a number of other 
files (/etc/nsswitch.conf and friends). Even so, I'm not sure it will 
work as the plugins will inherit the jail from Nagios. The plugins 
requires /etc/hosts, /etc/resolv.conf, /etc/services and a whole host of 
other things (like perl, shared libraries etc. etc.).

It's most likely more of a headache than it's worth, and considering 
Nagios isn't a networking daemon per se, you'd probably be better off 
just putting the webserver in jail anyways, since it's the CGI's (if 
anything) that's susceptible to attack.

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005