Permission Denied on check_nt
Paul Broadwith
paul.broadwith at blueivy.co.uk
Thu Jul 19 20:43:00 CEST 2007
Hi Marc,
To answer your questions:
1. None of the check_nt commands I have are running successfully. All of
them are failing with 'Permission denied' in the Status Information
column of the web interface.
2. Nagios is running under the user 'nagios'. Output of the 'ps -A u'
command:
===
nagios 30049 0.0 0.0 27384 1356 ? Ssl 18:57 0:00
/usr/bin/nagios
===
3. nagios_user is nagios:
===
nagios_user=nagios
nagios_group=nagios
===
I included the nagios_group bit as I thought the nagios group was
actually nagiocmd.
The permissions on the 'plugins' directory and all of the plugins were
root.root, but are now as follows:
===
drwxr-xr-x 2 root root 4096 Jul 19 12:02 cgi
drwxr-xr-x 4 nagios nagiocmd 4096 Jul 19 12:02 plugins
===
After I changed them I restarted both Apache and Nagios but still
getting the same error.
4. No avc messages in /var/log/messages so I assume SELinux isn't
running.
Happy to let somebody have a look around the server via SSH if they
wish. Short of rebuilding the server I'm not sure what to do myself!
As an aside I couldn't get Nagios running at first because it couldn't
write the .pid file in /var/run. I changed the location of the .pid file
to the /var/log/nagios and it worked fine. That also seemed to be
permissions based even though I had given Nagios full access to the
/var/run directory. Below is a full 'ps -A u' from the server in case
anything running is causing problems:
===
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.0 2036 640 ? Ss 13:40 0:00 init
[3]
root 2 0.0 0.0 0 0 ? S 13:40 0:00
[migration/0]
root 3 0.0 0.0 0 0 ? SN 13:40 0:00
[ksoftirqd/0]
root 4 0.0 0.0 0 0 ? S 13:40 0:00
[watchdog/0]
root 5 0.0 0.0 0 0 ? S< 13:40 0:00
[events/0]
root 6 0.0 0.0 0 0 ? S< 13:40 0:00
[khelper]
root 7 0.0 0.0 0 0 ? S< 13:40 0:00
[kthread]
root 10 0.0 0.0 0 0 ? S< 13:40 0:00
[kblockd/0]
root 11 0.0 0.0 0 0 ? S< 13:40 0:00
[kacpid]
root 86 0.0 0.0 0 0 ? S< 13:40 0:00
[cqueue/0]
root 89 0.0 0.0 0 0 ? S< 13:40 0:00 [khubd]
root 91 0.0 0.0 0 0 ? S< 13:40 0:00
[kseriod]
root 150 0.0 0.0 0 0 ? S 13:40 0:00
[pdflush]
root 151 0.0 0.0 0 0 ? S 13:40 0:00
[pdflush]
root 152 0.0 0.0 0 0 ? S< 13:40 0:00
[kswapd0]
root 153 0.0 0.0 0 0 ? S< 13:40 0:00 [aio/0]
root 307 0.0 0.0 0 0 ? S< 13:40 0:00
[kpsmoused]
root 328 0.0 0.0 0 0 ? S< 13:40 0:00
[kmirrord]
root 333 0.0 0.0 0 0 ? S< 13:40 0:00
[ksnapd]
root 336 0.0 0.0 0 0 ? S< 13:40 0:01
[kjournald]
root 368 0.0 0.0 0 0 ? S< 13:40 0:00
[kauditd]
root 402 0.0 0.0 2664 1124 ? S<s 13:40 0:00
/sbin/udevd -d
root 1022 0.0 0.0 4216 936 pts/0 R+ 19:40 0:00 ps -A u
root 1256 0.0 0.0 0 0 ? S< 13:40 0:00
[kjournald]
root 1767 0.0 0.0 2280 548 ? Ss 13:41 0:00
/sbin/dhclient -1 -q -lf /var/lib/dhclie
root 1870 0.0 0.3 9544 7900 ? Ss 13:41 0:00
/usr/sbin/restorecond
root 1886 0.0 0.0 12076 680 ? S<sl 13:41 0:08 auditd
root 1888 0.0 0.1 9612 3720 ? S<s 13:41 0:07 python
/sbin/audispd
root 1906 0.0 0.0 1692 580 ? Ss 13:41 0:00 syslogd
-m 0
root 1909 0.0 0.0 1640 396 ? Ss 13:41 0:00 klogd
-x
root 1944 0.0 0.0 2128 508 ? Ss 13:41 0:00
mcstransd
rpc 1966 0.0 0.0 1776 552 ? Ss 13:41 0:00 portmap
root 1991 0.0 0.0 1784 724 ? Ss 13:41 0:00
rpc.statd
root 2032 0.0 0.0 4936 556 ? Ss 13:41 0:00
rpc.idmapd
dbus 2059 0.0 0.0 12956 928 ? Ssl 13:41 0:00
dbus-daemon --system
root 2075 0.0 0.0 2120 756 ? Ss 13:41 0:00
/usr/sbin/hcid
root 2081 0.0 0.0 1708 500 ? Ss 13:41 0:00
/usr/sbin/sdpd
root 2102 0.0 0.0 0 0 ? S< 13:41 0:00
[krfcommd]
root 2150 0.0 0.0 12692 1276 ? Ssl 13:41 0:00 pcscd
root 2173 0.0 0.0 1876 448 ? Ss 13:41 0:00
/usr/bin/hidd --server
root 2192 0.0 0.0 9336 1116 ? Ssl 13:41 0:00
automount
root 2215 0.0 0.0 1636 536 ? Ss 13:41 0:00
/usr/sbin/acpid
root 2230 0.0 0.0 9580 1948 ? Ss 13:41 0:00 cupsd
root 2248 0.0 0.0 5172 952 ? Ss 13:41 0:00
/usr/sbin/sshd
root 2272 0.0 0.0 8500 1636 ? Ss 13:41 0:00
sendmail: accepting connections
smmsp 2281 0.0 0.0 7544 1444 ? Ss 13:41 0:00
sendmail: Queue runner at 01:00:00 for /var/spool/clientmqueue
root 2297 0.0 0.0 1868 364 ? Ss 13:41 0:00 gpm -m
/dev/input/mice -t exps2
root 2328 0.0 0.0 5220 1176 ? Ss 13:41 0:00 crond
root 2357 0.0 0.0 2200 424 ? Ss 13:41 0:00
/usr/sbin/atd
root 2381 0.0 1.3 41664 28496 ? S 13:41 0:19
/usr/bin/python /usr/sbin/yum-updatesd
68 2396 0.0 0.1 5312 3556 ? Ss 13:41 0:00 hald
root 2397 0.0 0.0 3100 984 ? S 13:41 0:00
hald-runner
68 2403 0.0 0.0 1968 804 ? S 13:41 0:00
hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
68 2407 0.0 0.0 1968 796 ? S 13:41 0:00
hald-addon-keyboard: listening on /dev/input/event0
root 2420 0.0 0.0 1920 620 ? S 13:41 0:02
hald-addon-storage: polling /dev/hdd
root 2422 0.0 0.0 1920 624 ? S 13:41 0:00
hald-addon-storage: polling /dev/hdc
root 2503 0.0 0.0 1952 524 ? S 13:41 0:00
/usr/sbin/smartd -q never
root 2506 0.0 0.0 1628 444 tty1 Ss+ 13:41 0:00
/sbin/mingetty tty1
root 2507 0.0 0.0 1628 444 tty2 Ss+ 13:41 0:00
/sbin/mingetty tty2
root 2518 0.0 0.0 1628 440 tty3 Ss+ 13:41 0:00
/sbin/mingetty tty3
root 2521 0.0 0.0 1628 444 tty4 Ss+ 13:41 0:00
/sbin/mingetty tty4
root 2522 0.0 0.0 1624 440 tty5 Ss+ 13:41 0:00
/sbin/mingetty tty5
root 2523 0.0 0.0 1628 440 tty6 Ss+ 13:41 0:00
/sbin/mingetty tty6
root 2569 0.0 0.1 8028 2424 ? Ss 13:41 0:01 sshd:
root at pts/0
root 2592 0.0 0.0 4608 1452 pts/0 Ss 13:41 0:00 -bash
nagios 32569 0.0 0.0 27388 1336 ? Ssl 19:29 0:00
/usr/bin/nagios -d /etc/nagios/nagios.cfg
root 32595 0.0 0.3 22032 8064 ? Ss 19:29 0:00
/usr/sbin/httpd
apache 32597 0.0 0.2 22092 5432 ? S 19:29 0:00
/usr/sbin/httpd
apache 32598 0.0 0.2 22092 5416 ? S 19:29 0:00
/usr/sbin/httpd
apache 32599 0.0 0.2 22092 5432 ? S 19:29 0:00
/usr/sbin/httpd
apache 32600 0.0 0.2 22092 5440 ? S 19:29 0:00
/usr/sbin/httpd
apache 32601 0.0 0.2 22092 5428 ? S 19:29 0:00
/usr/sbin/httpd
apache 32602 0.0 0.2 22092 5348 ? S 19:29 0:00
/usr/sbin/httpd
apache 32603 0.0 0.2 22092 5436 ? S 19:29 0:00
/usr/sbin/httpd
apache 32604 0.0 0.2 22092 5432 ? S 19:29 0:00
/usr/sbin/httpd
===
Kind regards,
Paul Broadwith MBCS
Blue Ivy Ltd - Microsoft Small Business Specialist, UK Partner Qualified
for 2007
Tel.: 0800 612 0601
Windows Messenger: paul.broadwith at blueivy.co.uk
Web: http://www.blueivy.co.uk
Blog: http://blog.blueivy.co.uk
-----Original Message-----
From: nagios-users-bounces at lists.sourceforge.net
[mailto:nagios-users-bounces at lists.sourceforge.net] On Behalf Of Marc
Powell
Sent: 19 July 2007 19:24
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Permission Denied on check_nt
<leaving response intact for the benefit of the archives>
> -----Original Message-----
> From: Paul Broadwith [mailto:paul.broadwith at blueivy.co.uk]
> Sent: Thursday, July 19, 2007 12:34 PM
> To: Marc Powell
> Subject: RE: [Nagios-users] Permission Denied on check_nt
>
> Hi Marc,
>
> The output from the Nagios.log for the unsuccessful command is:
>
> ===
> [1184854600] SERVICE ALERT: MYHOST;Drive Space -
> D:;CRITICAL;HARD;3;Permis
> sion denied
> [1184854600] SERVICE NOTIFICATION:
> blueivy_client_monitoring;MYHOST;Drive
> Space - D:;CRITICAL;notify-by-email;Permission denied
> ===
>
> (this is only one entry - all the services to this box fails but they
> all say the same thing). The last one about the notify-by-email I can
> sort once I get the monitoring sorted!
>
> The plugin checking the diskspace on the Nagios server itself uses
> $USER1$ so I'm putting two and two together and assuming it is
correct.
>
> I did as you suggested and added 'echo' at the start of the command
and
> the output in the 'Status Information' column of the web interface is:
>
> ===
> /usr/lib/nagios/plugins/check_nt -H 192.168.100.20 -p 12489 -v
> USEDDISKSPACE -l d -w 80 -c 90
> ===
>
> Which as far as I can see is correct.
>
> I copied that command above and pasted it into the terminal command
> window and ran it (under root and nagios) and it returned the correct
> information:
>
> ===
> d:\ - total: 129.51 Gb - used: 84.47 Gb (65%) - free 45.04 Gb (35%) |
> 'd:\ Used Space'=84.47Gb;103.61;116.56;0.00;129.51
> ===
>
> You asked if I changed the check from some other configuration. My
> installation of Nagios didn't come with check_nt anywhere so I got it
> from the page I set Nagios up from
> (http://www.maxsworld.org/index.php/how-tos/nagios), removed the -s
> option and added it to the commands.cfg file.
>
> There is only one instance of 'nagios' running (according to ps).
>
> For the second issue, SELinux is not enabled (according to the CentOS
> Setup it's disabled) and as far as I know I have followed the
> instructions carefully. I will go over them again though.
We're definitely getting really obscure now. Pretty clearly you're
experiencing a standard permissions issue for both commands. Everything
we've looked at so far has been correct. Do you have other check_nt
commands that are working successfully? Is nagios really running as the
user nagios? Does the value of nagios_user in nagios.cfg match the owner
of the plugins? The plugins are executable by that user? I know you're
testing as the nagios user but the possibility exists that nagios isn't
running as that user. I would be doubly sure that SELinux isn't enabled
by verifying that you don't see avc denied messages in /var/log/messages
but that's probably not the issue. Beyond that, I'm not really sure
where to go...
--
Marc
------------------------------------------------------------------------
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
----------------------------------------------------------------------------------------------------------------------------------------------
Blue Ivy Limited is a limited company registered in Scotland.
Registered company number: SC 221649. Registered VAT number: GB 774 8460 88.
Registered Office: 67 Kelburn Street, Barrhead, Glasgow, G78 1LD
This message and any associated files is intended only for the use of nagios-users at lists.sourceforge.net and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not nagios-users at lists.sourceforge.net you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify paul.broadwith at blueivy.co.uk immediately by replying to the message and then deleting it from your computer.
Any views or opinions presented are solely those of the author paul.broadwith at blueivy.co.uk and do not necessarily represent those of the company.
----------------------------------------------------------------------------------------------------------------------------------------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list