The problem is that we need the nagios user to own those files so that subsequent, automated customization can be done (changing CSS information based on which specific server is being viewed, for instance). That customization is done via cron as the nagios user and anything that isn't owned by nagios needs to be accessed by sudo. But we can't add the ability to access arbitrary files due to STIG requirements. If the nagios user doesn't own the file, then the nagios user will not be allowed sudo access to modify the file in any way, either.
So I did some research. Turns out nagios doesn't own a few files in /usr/local/nagiosxi (including the ones uploaded via the GUI) and a huge number of files in /usr/local/nagios. My question is this:
What would be the ramifications of doing a one-time "chown -R nagios. /usr/local/nagiosxi"?
Code: Select all
# find /usr/local/nagiosxi -ls | awk '{print $5,$6}' | sort | uniq -c | sort -n
1 nagios apache
5 root root
8 apache apache
9 apache nagios
21 root nagios
674 nagios root
4739 nagios nagios
# find /usr/local/nagios -ls | awk '{print $5,$6}' | sort | uniq -c | sort -n
3 nagios nagcmd
12 root nagios
196 apache nagios
704 nagios nagios
1157 root root