The famous rw permission problem

amprantino · Post by **amprantino** » Fri Jul 22, 2016 5:36 am

I just upgraded to nagios v4 and I face the well-know issue with the nagios.cmd problem.

# /etc/init.d/nagios start
Starting nagios:/bin/chmod: cannot access β€/var/log/nagios/rw/nagios.cmdβ€™: No such file or directory
 done.

I save mine to /var/log/nagios/rw/nagios.cmd.
Is this value taken from nagios.cfg, and command_file=/var/log/nagios/rw/nagios.cmd ??
Because even if I change the path to command_file=/usr/local/nagios/var/rw/nagios.cmd , nothing changes.
Is this option ignored in v4?

As I am using Debian, I apply the following permissions:

mkdir /var/log/nagios/rw
chown nagios.www-data /var/log/nagios/rw
chmod u+rwx /var/log/nagios/rw
chmod g+rwx /var/log/nagios/rw
chmod g+s /var/log/nagios/rw

Any idea why these fail?

Post by **tgriep** » Fri Jul 22, 2016 12:10 pm

Did you change both the init script /etc/init.d/nagios and the nagios.cfg file to the new folder?
Try that and let us know if it works for you.
If not, post the OS and version you are running and also the output of the following.

Code: Select all

chage -l nagios
grep nag /etc/passwd
grep nag /etc/group

amprantino · Post by **amprantino** » Mon Jul 25, 2016 6:24 am

/etc/init.d/nagios
NagiosCommandFile=/var/log/nagios/rw/nagios.cmd
nagios.cfg
command_file=/var/log/nagios/rw/nagios.cmd

Both files point to the same nagios.cmd file

# chage -l nagios
Last password change : Oct 30, 2012
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7

# grep nag /etc/passwd
list38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
nagios1001,,,:/usr/bin/:/bin/bash
systemd-network108:114:systemd Network Management,,,:/run/systemd/netif:/bin/false

# grep nag /etc/group
nagios1001:smsd
# uname -a
Linux NAME 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux
# cat /etc/debian_version
8.5

When I compiled, I got this output during configure:

.....
Command user/group: www-data,nagios
....
and then:

# make install-commandmode
/usr/bin/install -c -m 775 -o www-data -g nagios -d /var/log/nagios/rw
chmod g+s /var/log/nagios/rw

Post by **tgriep** » Mon Jul 25, 2016 1:43 pm

The nagios group looks like it is missing some of the users from the list and that could be the issue.
Edit the /etc/group file and change this line from

Code: Select all

nagios:x:1001:smsd

to

Code: Select all

nagios:x:1001:nagios,www-data,smsd

Save the file and let us know if this works for you.

amprantino · Post by **amprantino** » Tue Jul 26, 2016 3:21 am

I did the changes to the /etc/group.

The problem are the permissions of the "/var/log/nagios" directory.
If permissions are less than 775, nagios fail to access nagios.cmd

After playing around with permissions I think I should stick to these:

/var/log# ll -d nagios/
drwxrwxr-x 6 nagios nagios 4.0K Jul 26 11:19 nagios/

/var/log/nagios# ll -d rw
drwxrwsr-x 2 nagios nagios 4.0K Jul 26 11:17 rw

/var/log/nagios/rw# ll
total 8.0K
drwxrwsr-x 2 nagios nagios 4.0K Jul 26 11:17 .
drwxrwxr-x 6 nagios nagios 4.0K Jul 26 11:19 ..
prw-rw---- 1 nagios nagios 0 Jul 26 11:17 nagios.cmd
srw-rw---- 1 nagios nagios 0 Jul 26 11:17 nagios.qh

Are the above correct, of group should be www-data ?

Post by **tgriep** » Tue Jul 26, 2016 10:20 am

The permissions look good for those folders.
As long as the www-data is part of the nagios group, it should work for you.

amprantino · Post by **amprantino** » Tue Jul 26, 2016 12:46 pm

When I compile nagios from source, which are the correct parameters for:

--with-command-user=www-data \
--with-command-grp=www-data \

This should match the nagios user or the apache user or ... ?

Based on these parameters, should I apply the permissions to "/var/log/nagios/rw"?

Post by **tgriep** » Wed Jul 27, 2016 9:34 am

To keep everything consistent, I would use the following

Code: Select all

--with-command-user=nagios \
--with-command-grp=nagios \

Then all you would have to do is make sure the nagios group has permissions for that folder and that the www-data is part of the nagios group.

amprantino · Post by **amprantino** » Thu Jul 28, 2016 2:09 am

To sum up:

Compile with options

--with-command-user=nagios \
--with-command-grp=nagios \

Apply permissions

/usr/bin/install -c -m 775 -o nagios -g nagios -d /var/log/nagios/rw
chmod g+s /var/log/nagios/rw

nagios group permissions

nagios1001:nagios,www-data,smsd

Thank you all

Post by **tgriep** » Thu Jul 28, 2016 11:17 am

Shall we mark this post as solved and lock it up?

Nagios Support Forum

The famous rw permission problem

The famous rw permission problem

Re: The famous rw permission problem

Re: The famous rw permission problem

Re: The famous rw permission problem

Re: The famous rw permission problem

Re: The famous rw permission problem

Re: The famous rw permission problem

Re: The famous rw permission problem

Re: The famous rw permission problem

Re: The famous rw permission problem