Permissions problem

Adam Mooz adam.mooz at gmail.com
Fri Apr 24 18:58:15 CEST 2009


I didn't know about the primary group bit, thanks!  It's all working,  
apologies for the snarky-ness in the previous message.  All is good  
now :)

On 23-Apr-09, at 4:24 PM, Patrick Morris wrote:

> By the way, for further info see the xinetd man page, which (on my
> system, anyway) states:
>
> group
>    determines the gid for the server process. The group name must  
> exist
>    in /etc/group. If a group is not specified, the group of user will
>    be used (from /etc/passwd). This attribute is ineffective if the
>    effective user ID of xinetd is not super-user.
>
> Note that it's only going to use the primary group. Other group rights
> are dropped.
>
> On Thu, 23 Apr 2009, Adam Mooz wrote:
>
>> No, it's not, but that doesn't matter.  I can manually execute the
>> plugin, but not via NRPE, so I think something isn't running as
>> nagios.  Top says NRPE is running as nagios though.  What user does
>> the NRPE run it's scripts as on the remote machine?
>>
>> On 23-Apr-09, at 3:01 PM, Patrick Morris wrote:
>>
>>> On Thu, 23 Apr 2009, Adam Mooz wrote:
>>>
>>>> I'm using Nagios and NRPE to monitor some system logs on a remote
>>>> system via check_logfiles.
>>>>
>>>> Here's the setup:
>>>> -user 'nagio's is part of the 'adm' group
>>>> -/var/log/syslog is readable by the 'adm' group
>>>> -manually executing check_logfiles as nagios (sudo -u nagios ./
>>>> check_logfiles <etc>) works
>>>> -executing remotely via NRPE fails
>>>> -NRPE is being started via xinetd and running as 'nagios'
>>>>
>>>> changing syslog to be world readable fixes the problem, however it
>>>> does just that; leaves the syslog file world readable.  This  
>>>> behavior
>>>> is being repeated for several other log files as well (mysql,  
>>>> apache)
>>>> where despite nagios being part of the appropriate groups still not
>>>> remotely readable.  This is clearly a problem of something  
>>>> running as
>>>> a different user.
>>>>
>>>> Ideas?
>>>
>>> If I were a betting man I'd say that adm is not the nagios user's
>>> primary group, and/or you've specified a different group in your
>>> xinetd
>>> config.
>>
>>
>> ------------------------------------------------------------------------------
>> Crystal Reports - New Free Runtime and 30 Day Trial
>> Check out the new simplified licensign option that enables unlimited
>> royalty-free distribution of the report engine for externally  
>> facing
>> server and web deployment.
>> http://p.sf.net/sfu/businessobjects
>> _______________________________________________
>> Nagios-users mailing list
>> Nagios-users at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/nagios-users
>> ::: Please include Nagios version, plugin version (-v) and OS when  
>> reporting any issue.
>> ::: Messages without supporting info will risk being sent to /dev/ 
>> null


------------------------------------------------------------------------------
Crystal Reports - New Free Runtime and 30 Day Trial
Check out the new simplified licensign option that enables unlimited
royalty-free distribution of the report engine for externally facing 
server and web deployment.
http://p.sf.net/sfu/businessobjects
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list