check_mailq, nrpe, and root perms on client

Mat W lmw94002 at hotmail.com
Mon Jun 15 20:27:10 CEST 2009


Hrm, I don't run check_mem as root and it works fine.

Is the check_mem script owned by the nagios user and/or executable by the nagios user?

As for mailq, I would suggest SUDO as the best route. You can configure very specific sudo permissions to only allow the Nagios user to run very specific commands.

-- 
Mat W. - http://www.techadre.com


 
> Date: Mon, 15 Jun 2009 10:59:10 -0700
> From: kfreels at sendmail.com
> To: nagios-users at lists.sourceforge.net
> Subject: [Nagios-users] check_mailq, nrpe, and root perms on client
> 
> Greetings!!!
> 
> Errata: Nagios 3.0
> 
> I have nrpe running quite well on several clients, but I am having some
> problems with running root-perm'd commands on the client via nrpe. The
> critical one I need is check_mailq, which calls the standard UNIX
> "mailq" command, but there are also others (check_mem, check_log)
> 
> The problem is that mailq requires root priv's to do this. Since I run
> nrpe in daemon mode under the nagios user, it fails with: 
> 
> CRITICAL: Error code 78 returned from /usr/bin/mailq
> 
> Just for sanity check, I su'd into the nagios user and tried to run it,
> and it fails. I was able to get it working with sudo by adding the user
> nagios to the client's sudoers with only that command, and then adding
> the appropriate "sudo" in front of the check_mailq command in nrpe.cfg:
> 
> command[check_mailq]=sudo /usr/local/nagios/libexec/check_mailq -w 50 -c 75
> 
> It also works on the client as the nagios user.
> 
> However, as sudo is designed to do, it logs every command run under it,
> so I wind up getting an email for every instance the check is made.
> Multiply that times several servers and services, and I am now getting
> flooded with emails that are essentially unnecessary.
> 
> I also thought of:
> 
> -- running nrpe as "root" (not comfortable with that)
> -- SUID on check_mailq
> -- chown'ing check_mailq root:root
> 
> I'm stumped....
> 
> Any ideas are greatly appreciated! Thanks in advance!!
> 
> 
> ....k 
> -=-=-=- 
> Kevin Freels
> Director of Information Technology
> Sendmail, Inc.
> kfreels at sendmail.com 510/594.5572
> 
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
> ::: Messages without supporting info will risk being sent to /dev/null
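
One way to check that sudoers entries for the monitoring account stay as narrow as the reply above suggests, and that the plugin sudo runs as root cannot be rewritten by an unprivileged account (added example, not code from the thread). The rule strings are constructed, and `audit_rule` and `audit_target` are hypothetical helper names.

```python
import os
import re
import stat

# Constructed sudoers rules for illustration; only the plugin path and
# arguments in the first one mirror the nrpe.cfg command quoted in the thread.
SAMPLE_RULES = [
    "nagios ALL=(root) NOPASSWD: /usr/local/nagios/libexec/check_mailq -w 50 -c 75",
    "nagios ALL=(root) NOPASSWD: /usr/local/nagios/libexec/check_mailq",
    "nagios ALL=(ALL) NOPASSWD: ALL",
    "nagios ALL=(root) NOPASSWD: /usr/local/nagios/libexec/*",
]

# Handles simple one-line user rules only (no aliases, no line continuations).
RULE = re.compile(
    r"^(?P<user>\S+)\s+\S+?\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?:[A-Z_]+:\s*)*(?P<cmds>.+)$"
)

def audit_rule(line, user="nagios"):
    """Return findings for one sudoers user rule; an empty list means narrow."""
    m = RULE.match(line.strip())
    if not m or m.group("user") != user:
        return []
    findings = []
    if "ALL" in re.split(r"[\s,:]+", m.group("runas") or ""):
        findings.append("runas ALL")
    for cmd in filter(None, map(str.strip, m.group("cmds").split(","))):
        argv = cmd.split()
        if argv[0] == "ALL":
            findings.append("command ALL")
        elif not argv[0].startswith("/"):
            findings.append("alias or relative command: " + argv[0])
        elif re.search(r"[*?\[]", cmd):
            findings.append("wildcard in command")
        elif len(argv) == 1:  # a bare path lets the caller pass any arguments
            findings.append("arguments not pinned")
    return findings

def audit_target(path, trusted_uid=0):
    """Flag a sudo target that an unprivileged account could rewrite."""
    st = os.stat(path)
    findings = []
    if st.st_uid != trusted_uid:
        findings.append("not owned by trusted uid")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group- or world-writable")
    return findings
```

Run `audit_rule` over each non-comment line of the sudoers file and `audit_target` on every command path it allows; the parent directories of those paths need the same ownership check.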
