Bug in reporting permissions problems with config files - nagios 2.0b4
John P. Rouillard
rouilj at cs.umb.edu
Thu Oct 6 23:00:54 CEST 2005
Hi all:
Looks like there is a minor bug with reporting problems with
permissions of config files. When running it in the verify mode,
nagios doesn't attempt to change to the nagios
user/group. I.E. drop_privileges isn't called. So access occurs an
usual.
However when running as a daemon (normally), it calls drop_privileges
after the main config file is read, but not before the rest of the
config files are read.
main()
result=read_main_config_file(config_file);
/* drop privileges */
if(drop_privileges(nagios_user,nagios_group)==ERROR){
[ user id is nagios now]
...
/* read in all object config data */
if(result==OK)
result=read_all_object_data(config_file);
As a result the daemon fails with an error saying to run "nagios -v"
to verify the config files. However since nagios -v never drops
privs, it never sees the problem.
To replicate:
change the permisions on one of the nagios cfg files so that the nagios
user can't read it.
run "nagios -v" as root all should be well.
run "nagios" as root it will fail to start.
Possible fix: report a permissions problem on the file that failed to open.
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
More information about the Developers
mailing list