Bug in reporting permissions problems with config files - nagios 2.0b4

Ethan Galstad nagios at nagios.org
Wed Nov 9 00:06:21 CET 2005

Previous message: lost trends in nagios-cvs?
Next message: Bugfix for skipping non-cfg files in "cfg_dir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Thanks - A patch will be in CVS shortly that will force Nagios to 
drop privs before running a config verification or scheduling 
information test.


On 6 Oct 2005 at 17:00, John P. Rouillard wrote:

> 
> Hi all:
> 
> Looks like there is a minor bug with reporting problems with
> permissions of config files.  When running it in the verify mode,
> nagios doesn't attempt to change to the nagios
> user/group. I.E. drop_privileges isn't called. So access occurs an
> usual.
> 
> However when running as a daemon (normally), it calls drop_privileges
> after the main config file is read, but not before the rest of the
> config files are read.
> 
>   main()
>       result=read_main_config_file(config_file);
>       /* drop privileges */
>       if(drop_privileges(nagios_user,nagios_group)==ERROR){
>                                               [ user id is nagios now]
>       ...
>       /* read in all object config data */
>      if(result==OK)
>          result=read_all_object_data(config_file);
> 
> As a result the daemon fails with an error saying to run "nagios -v"
> to verify the config files. However since nagios -v never drops
> privs, it never sees the problem.
> 
> To replicate:
> 
>     change the permisions on one of the nagios cfg files so that the nagios
> 	user can't read it.
> 
>     run "nagios -v" as root all should be well.
>     run "nagios" as root it will fail to start.
> 
> Possible fix: report a permissions problem on the file that failed to open.
> 
> 				-- rouilj
> John Rouillard
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel
> 
> 



Ethan Galstad,
Nagios Developer
---
Email: nagios at nagios.org
Website: http://www.nagios.org



-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP.  Click here to play: http://sourceforge.net/geronimo.php

Previous message: lost trends in nagios-cvs?
Next message: Bugfix for skipping non-cfg files in "cfg_dir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list