Weird permission problem

[WillemDH]

Hello,

I have a weird permission problem with the /usr/local/nagios/libexec folder on my XI server. So I made a Reactor chain which updates the libexec scripts folder with the latest versions of plugins etc.

These were the original permissions:

Code: Select all

ls -la /usr/local/nagios/libexec
total 12376
drwxrwxr-x.  6 apache     nagios   12288 May 20 15:42 .
drwxr-xr-x.  9 root       root      4096 Jun 12  2014 ..

The user Reactor is uing to do stuff is called sysreactor. This user is in the nagios group:

Code: Select all

grep sysreactor /etc/group
nagios:x:500:nagios,apache,snmptt,sysreactor

The Reactor chain executes this command over SSH with the sysreactor user:

Code: Select all

/bin/cp -r /mnt/naf/scripts/* /usr/local/nagios/libexec/

But I'm getting this error:

Code: Select all

/bin/cp: cannot create regular file `/usr/local/nagios/libexec/check_lin_updates.py': Permission denied

This is already weird as the sysreactor user in the group and the nagios group has 7 as permissions, so it should be able to write files?
As a test I tried giving 777 to /usr/local/nagios/libexec

Code: Select all

ls -la /usr/local/nagios/libexec
total 12376
drwxrwxrwx.  6 apache     nagios   12288 May 20 15:42 .
drwxr-xr-x.  9 root       root      4096 Jun 12  2014 ..

Then tried again with same 'Permission denied' result. What could be causing this beahviour? On other servers with identical permissions (eg nls) this chains works perfect...

Grtz

Willem

[BanditBBS]

Willem, here are my perms:

Code: Select all

[root@iss-chi-nag05 ~]# ls -la /usr/local/nagios/libexec
total 13608
drwxrwsr-x 4 apache nagios   16384 May 19 16:28 .
drwxr-xr-x 9 nagios nagios    4096 Nov  9  2015 ..

[WillemDH]

Tx Bandit,

These were in fact the original permissions like mine. My first code block was a bit wrong.

Code: Select all

ls -la /usr/local/nagios/libexec
total 12376
drwxrwsr-x.  6 apache     nagios   12288 May 20 15:42 .
drwxr-xr-x.  9 root       root      4096 Jun 12  2014 ..

I still have no clue though what's going on here.. I removed the s with chmod g-s [name] as a test, but I'm having the same issue with all. I even gave 777 to /usr/local/nagios/libexec and it still didn't work...

I just need to be able to create files in that directory with the sysreactor use. So why is this not possible then, seeing that sysreactor is in the nagios group?

Grtz

[hsmith]

Just a thought.. what are the permissions of the source file that user is trying to copy it from?

Can the sysreactor user touch files to the directory normally?

[tgriep]

Does the file

Code: Select all

/usr/local/nagios/libexec/check_lin_updates.py

Already exist in the folder and it is having issues over writing it?

[ssax]

Have you validated that it is indeed doing it as the sysreactor user? Can you the SSH exec whoami into a file in /tmp or something?

[WillemDH]

Already exist in the folder and it is having issues over writing it?

No the file doesn't exist

Have you validated that it is indeed doing it as the sysreactor user?

I have tried executing the cp command after logging in as the user sysreactor on the server with

Code: Select all

su sysreactor

Same problem

[WillemDH]

Ha I found the problem. The issue is that the userid of the sysreactor user on the mounted naf was different then the one on the Nagios server.... This becasue starting from CentOS 7 enw users are created default with an id above 1000 and in CentOS 6 user id's start from 500. I had to make a script which changes the ifd of the user to match the one on the mounted volume.
For user starting with Reactor, it could be useful to mention this in a 'getting started' guide. Automation is best done with a separate non-root user. But the user id , primary and secondary group id of this user and related groups should be identical on all servers to prevent this kind of issues. (and be in the 1000+ range)

Thread can be closed.

[mcapra]

Glad you were able to resolve the issue! Locking this up