Hello,
I need the configuration file /usr/local/nagios/etc/resources.cfg to have limited permissions, like this:
-rw------- 1 apache nagios resource.cfg
After every Apply configuration I see that the permissions change, and in particular readability is granted to everybody:
-rw-rw---- 1 apache nagios resource.cfg
How can I configure Nagios XI in order to maintain permission 600?
The Nagios Core documentation reports that the permission can be set to always be 600 or 660, but I've found the way to set this specific configuration.
Could you kindly help me?
Regards
Francesco
permission /etc/resources.cfg reset by Apply Configuration.
Re: permission /etc/resources.cfg reset by Apply Configurati
Hello @mon-team
Thanks for reaching out, and after verifying with my test environment we need to set the owner to 'nagios'.
chown nagios:nagios /usr/local/nagios/etc/resources.cfg
And
chmod 600 /usr/local/nagios/etc/resources.cfg
Please let us know how things look,
Perry
Re: permission /etc/resources.cfg reset by Apply Configurati
Hello Perry,
On my environment it is still not working as expected.
$ chown nagios:nagios resource.cfg
$ chmod 600 resource.cfg
permissions are ok:
-rw------- 1 nagios nagios 3263 Oct 26 16:10 resource.cfg
After an Apply configuration I find this:
-rw-rw-r-- 1 apache nagios 3263 Oct 26 16:10 resource.cfg
with readability granted to everybody.
Regards
Francesco
Re: permission /etc/resources.cfg reset by Apply Configurati
Hello @mon-team
Thanks for following up; looking into permissions, we see that but would expect 0600 to run into trouble when using configuration wizards/CCM/objects API. The apache user will try to write to the /usr/local/nagios/etc/ directory for each situation (apache should be in the nagios group). However, 0660/0770 should work if they want to lock things down a bit more.
There is a '/usr/local/nagiosxi/scripts/reset_config_perms.sh' script that verifies perms. If you want to edit the config you would want to make adjustments to the following:
........................
echo "> Setting configuration file/directory permissions"
/bin/chown -R $apacheuser:$nagiosgroup /usr/local/nagios/etc/
/bin/chmod -R 775 /usr/local/nagios/etc/
/bin/chmod ug-s /usr/local/nagios/etc/
........................
Thanks,
Perry
Re: permission /etc/resources.cfg reset by Apply Configurati
Thanks for the reply,
no one works, but I've added at the bottom of /usr/local/nagiosxi/scripts/reset_config_perms.sh this line:
/bin/chmod -R 660 /usr/local/nagios/etc/resource.cfg
The permission now is the one I'm expecting and the Apply configuration works.
Thanks
Francesco
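A check that can be run after each Apply Configuration to confirm resource.cfg has not drifted back to a wider mode, as an added example that is not part of the original thread or of Nagios XI. The function names and the default ceiling of 660 are assumptions chosen here; the path in the usage comment is the one quoted in the thread.

```shell
#!/bin/sh
# Added example (not Nagios XI code): flag a config file whose mode
# carries any permission bit beyond an allowed ceiling.

# file_mode FILE -> prints the octal permission bits, e.g. 660
file_mode() {
    # GNU stat first, BSD stat as a fallback
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# check_perms FILE [MAX_MODE]   (MAX_MODE defaults to 660, an assumption)
# Returns 0 if FILE has no bit outside MAX_MODE,
#         1 if it is more permissive than MAX_MODE,
#         2 if FILE is missing or cannot be inspected.
check_perms() {
    file=$1
    max=${2:-660}
    if [ ! -e "$file" ]; then
        echo "MISSING $file"
        return 2
    fi
    mode=$(file_mode "$file") || return 2
    # Bits present in the file mode that the ceiling does not allow.
    # The leading 0 makes the shell read both values as octal.
    extra=$(( 0$mode & ~0$max & 07777 ))
    if [ "$extra" -ne 0 ]; then
        printf 'TOO_OPEN %s mode=%s max=%s extra=%04o\n' \
            "$file" "$mode" "$max" "$extra"
        return 1
    fi
    echo "OK $file mode=$mode max=$max"
    return 0
}

# Usage, e.g. from cron or right after Apply Configuration:
#   check_perms /usr/local/nagios/etc/resource.cfg 660
# When the script is called with arguments, they are passed straight through.
if [ "$#" -gt 0 ]; then
    check_perms "$@"
fi
```

A mode of 664 or 775 (what the recursive chmod quoted earlier produces) is reported as TOO_OPEN against a 660 ceiling, while 600 and 660 both pass.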
Re: permission /etc/resources.cfg reset by Apply Configurati
Hello @mon-team
Thanks for following up and letting us know that the adjustments to the script worked.
I will go ahead and lock, please let us know if there is anything further that you need,
Perry