Command File error

Marc Powell marc at ena.com
Wed Jul 12 19:02:22 CEST 2006



> -----Original Message-----
> From: Israel Brewster [mailto:israel at frontierflying.com]
> Sent: Wednesday, July 12, 2006 11:12 AM
> To: Tom Brown; Marc Powell
> Cc: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Command File error
> 

[chop]

> 
> On Jul 11, 2006 at 8:39 PM, Marc Powell wrote:
> 
> > And restarted the web server presumably. That leaves 2 likely
> > possibilities:
> > 	- one or more of the directories above rw/ are not accessible by
> > your web server user or
> > 	- you have SELinux enabled and have not allowed http permissions
> > by policy. You can use 'audit2allow -l -i /var/log/messages' to see if
> > that's the case.
> >
> > I don't use SELinux so I can't provide you with a specific policy.
> 
> All directories in the path have read and execute permissions set for
> everybody. Most don't have write permissions, but I wouldn't think
> that would be an issue. Issuing the command you give returns the
> following result:
> 
> allow httpd_sys_script_t usr_t:fifo_file getattr;
> allow httpd_sys_script_t usr_t:file write;
> allow unlabeled_t netif_eth0_t:netif rawip_recv;
> 
> I don't know anything about SELinux though, so I have no clue if this
> is good, bad, or indifferent. Any thoughts?

Bad. The first two lines indicate that SELinux is preventing httpd from
accessing a fifo file (nagios.cmd almost certainly). Grep for nagios.cmd
in /var/log/messages. You'll certainly see 'avc: denied' messages.
audit2allow presents policy rules that would allow access to things that
were blocked. Note that they are overly permissive though. You can
either disable SELinux or modify your policy/permissions for nagios.cmd
to allow access for httpd. There are numerous messages in the archive
about SELinux.

> 
> I also tried changing the permissions on the command file and
> enclosing folder so that anyone could read and write to them, just to
> see if that would fix the issue, but no change. So apparently it
> isn't a permissions issue, at least not directly with the file and
> enclosed folder.

SELinux permissions are above and beyond normal file system permissions.


--
Marc
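
The check described in the reply above (look in /var/log/messages for 'avc: denied' entries naming nagios.cmd), as an added example that is not part of the original message: it counts the denials for one object name by source type, target type, class and permission, so they can be compared with the broader rules audit2allow prints. The log lines, host name and the function names `sample_log` and `avc_for_name` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the kernel AVC syslog format (not from the thread).
sample_log() {
cat <<'EOF'
Jul 12 09:58:01 web1 kernel: audit(1152723481.101:12): avc:  denied  { getattr } for  pid=4021 comm="cmd.cgi" name="nagios.cmd" dev=dm-0 ino=98311 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:object_r:usr_t tclass=fifo_file
Jul 12 09:58:01 web1 kernel: audit(1152723481.105:13): avc:  denied  { write } for  pid=4021 comm="cmd.cgi" name="nagios.cmd" dev=dm-0 ino=98311 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:object_r:usr_t tclass=fifo_file
Jul 12 09:59:30 web1 kernel: audit(1152723570.220:14): avc:  denied  { write } for  pid=4040 comm="cmd.cgi" name="nagios.cmd" dev=dm-0 ino=98311 scontext=user_u:system_r:httpd_sys_script_t tcontext=user_u:object_r:usr_t tclass=fifo_file
Jul 12 10:00:00 web1 kernel: audit(1152723600.001:15): avc:  denied  { rawip_recv } for  netif=eth0 scontext=system_u:object_r:unlabeled_t tcontext=system_u:object_r:netif_eth0_t tclass=netif
Jul 12 10:00:05 web1 httpd: constructed non-AVC line mentioning nagios.cmd
EOF
}

# avc_for_name NAME: read syslog on stdin, print "count source target:class perm"
# for every AVC denial whose name= field equals NAME.
avc_for_name() {
    awk -v want="$1" '
    /avc: +denied/ {
        name = ""; src = ""; tgt = ""; cls = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^name=/)     { name = $i; sub(/^name=/, "", name); gsub(/"/, "", name) }
            if ($i ~ /^scontext=/) { split($i, p, ":"); src = p[3] }  # user:role:type
            if ($i ~ /^tcontext=/) { split($i, p, ":"); tgt = p[3] }
            if ($i ~ /^tclass=/)   { cls = $i; sub(/^tclass=/, "", cls) }
        }
        if (name != want) next
        # The denied permissions sit between "{" and "}".
        perms = $0; sub(/^[^{]*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        np = split(perms, pl, " ")
        for (j = 1; j <= np; j++) count[src " " tgt ":" cls " " pl[j]]++
    }
    END { for (k in count) print count[k], k }' | sort -k2
}

# On a real host: avc_for_name nagios.cmd < /var/log/messages
sample_log | avc_for_name nagios.cmd
```

The unrelated netif denial and the non-AVC line are skipped, which makes it easier to see that the httpd denials all concern one fifo while the rule audit2allow suggests would cover every object of that target type.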


_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null




