The default /etc/nagios/nrpe.cfg indicates in the comments that the nrpe_user and nrpe_group options are ignored if running under xinetd.
However, I've found that the behavior differs if they are set in nrpe.cfg versus not being set at all, which suggests they are not ignored.
I have 2 related users on my system:
Code: Select all
nagios:x:995:993::/var/spool/nagios:/sbin/nologin
nrpe:x:994:992:NRPE user for the NRPE service:/var/run/nrpe:/sbin/nologin
Code: Select all
nagios:x:993:nrpe
nrpe:x:992:
Code: Select all
nrpe_user=nrpe
nrpe_group=nrpe
Code: Select all
user = nagios
group = nagios
Code: Select all
Jan 25 16:40:53 trinculo nrpe[30095]: Warning: Could not set effective GID=992
Jan 25 16:40:53 trinculo nrpe[30095]: Warning: Unable to change supplementary groups using initgroups()
Jan 25 16:40:53 trinculo nrpe[30095]: Warning: Could not set UID=994
- Specify user/group nrpe/nrpe in /etc/xinetd.d/nrpe (no supplemental groups)
- Comment out the nrpe_user and nrpe_group in /etc/nagios/nrpe.cfg