Permissions problem
Adam Mooz
adam.mooz at gmail.com
Fri Apr 24 18:58:15 CEST 2009
I didn't know about the primary group bit, thanks! It's all working,
apologies for the snarky-ness in the previous message. All is good
now :)
On 23-Apr-09, at 4:24 PM, Patrick Morris wrote:
> By the way, for further info see the xinetd man page, which (on my
> system, anyway) states:
>
> group
> determines the gid for the server process. The group name must
> exist
> in /etc/group. If a group is not specified, the group of user will
> be used (from /etc/passwd). This attribute is ineffective if the
> effective user ID of xinetd is not super-user.
>
> Note that it's only going to use the primary group. Other group rights
> are dropped.
>
> On Thu, 23 Apr 2009, Adam Mooz wrote:
>
>> No, it's not, but that doesn't matter. I can manually execute the
>> plugin, but not via NRPE, so I think something isn't running as
>> nagios. Top says NRPE is running as nagios though. What user does
>> the NRPE run it's scripts as on the remote machine?
>>
>> On 23-Apr-09, at 3:01 PM, Patrick Morris wrote:
>>
>>> On Thu, 23 Apr 2009, Adam Mooz wrote:
>>>
>>>> I'm using Nagios and NRPE to monitor some system logs on a remote
>>>> system via check_logfiles.
>>>>
>>>> Here's the setup:
>>>> -user 'nagio's is part of the 'adm' group
>>>> -/var/log/syslog is readable by the 'adm' group
>>>> -manually executing check_logfiles as nagios (sudo -u nagios ./
>>>> check_logfiles <etc>) works
>>>> -executing remotely via NRPE fails
>>>> -NRPE is being started via xinetd and running as 'nagios'
>>>>
>>>> changing syslog to be world readable fixes the problem, however it
>>>> does just that; leaves the syslog file world readable. This
>>>> behavior
>>>> is being repeated for several other log files as well (mysql,
>>>> apache)
>>>> where despite nagios being part of the appropriate groups still not
>>>> remotely readable. This is clearly a problem of something
>>>> running as
>>>> a different user.
>>>>
>>>> Ideas?
>>>
>>> If I were a betting man I'd say that adm is not the nagios user's
>>> primary group, and/or you've specified a different group in your
>>> xinetd
>>> config.
>>
>>
>> ------------------------------------------------------------------------------
>> Crystal Reports - New Free Runtime and 30 Day Trial
>> Check out the new simplified licensign option that enables unlimited
>> royalty-free distribution of the report engine for externally
>> facing
>> server and web deployment.
>> http://p.sf.net/sfu/businessobjects
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when
>> reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/
>> null
------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensign option that enables unlimited
royalty-free distribution of the report engine for externally facing
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list