Re: [Nagios-devel] Bug in reporting permissions problems with config files - nagios 2.0b4

Support forum for Nagios Core, Nagios Plugins, NCPA, NRPE, NSCA, NDOUtils and more. Engage with the community of users including those using the open source solutions.
Locked
Guest

Re: [Nagios-devel] Bug in reporting permissions problems with config files - nagios 2.0b4

Post by Guest »

Thanks - A patch will be in CVS shortly that will force Nagios to
drop privs before running a config verification or scheduling
information test.


On 6 Oct 2005 at 17:00, John P. Rouillard wrote:

>
> Hi all:
>
> Looks like there is a minor bug with reporting problems with
> permissions of config files. When running it in the verify mode,
> nagios doesn't attempt to change to the nagios
> user/group. I.E. drop_privileges isn't called. So access occurs an
> usual.
>
> However when running as a daemon (normally), it calls drop_privileges
> after the main config file is read, but not before the rest of the
> config files are read.
>
> main()
> result=read_main_config_file(config_file);
> /* drop privileges */
> if(drop_privileges(nagios_user,nagios_group)==ERROR){
> [ user id is nagios now]
> ...
> /* read in all object config data */
> if(result==OK)
> result=read_all_object_data(config_file);
>
> As a result the daemon fails with an error saying to run "nagios -v"
> to verify the config files. However since nagios -v never drops
> privs, it never sees the problem.
>
> To replicate:
>
> change the permisions on one of the nagios cfg files so that the nagios
> user can't read it.
>
> run "nagios -v" as root all should be well.
> run "nagios" as root it will fail to start.
>
> Possible fix: report a permissions problem on the file that failed to open.
>
> -- rouilj
> John Rouillard
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Nagios-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/lis ... gios-devel
>
>



Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org






This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
Top
Locked

Return to “Open Source Nagios Projects”