check_mailq, nrpe, and root perms on client

Marc Powell marc at ena.com
Mon Jun 15 21:59:03 CEST 2009


On Jun 15, 2009, at 2:02 PM, Kevin Freels wrote:

> I've done my research on seeing if sudo can be set to not log certain
> commands/users/groups, but haven't found anything. I think that's
> because sudo was never meant to be ignored when a command is run; you
> *want* to be notified if someone runs a root comand as a mortal user.

Not particularly. IMHO, you've given them permission to run the  
command; isn't that good enough? That's why most of the mail_* options  
are to notify you of exceptions to that.

> It's unwieldable to set up mail filters to filter out those messages,
> since, as I said, sudo's purpose it to inform. Add that you'd need  
> to do
> this every time a new client is added, and it's simply not an elegant
> solution.
>
> Obviously, someone wrote check_mailq and it was included in the
> distributions, so it must have worked at one point in time (or there  
> was
> a workaround to get it to work).

It is working and there's no workaround needed in standard installs.  
The choice made in your specific sudo configuration (mail_always =  
yes), isn't the norm IMHO so you're seeing different behavior. There  
may not be a workaround that isn't unwieldy (filters and the like) or  
that potentially compromises your security (suid, etc).

--
Marc


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensing option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list