Hello,
It seems that nagios is creating world-writable xml files in the perfdata directory. Is there a way to set umask on the offending process to prevent this?
-rw-rw-rw- 1 nagios nagios 5362 Nov 22 13:50 /usr/local/nagios/share/perfdata/.pnp-internal/runtime.xml
-rw-rw-rw- 1 nagios nagios 5601 Nov 22 13:49 /usr/local/nagios/share/perfdata/xxxxxx/CPU_Stats.xml
-rw-rw-rw- 1 nagios nagios 3499 Nov 22 13:46 /usr/local/nagios/share/perfdata/xxxxxx/Load.xml
…
Regards
perfdata world writeable
-
sreinhardt
- -fno-stack-protector
- Posts: 4366
- Joined: Mon Nov 19, 2012 12:10 pm
Re: perfdata world writeable
Yes you should be able to alter both the xml and rrds to be only world readable without issue. If I recall correctly, the path permissions should disallow anyone outside of nagios:nagios or nagios:nagcmd to actually access those files though. The XML files may change back as they are written to again, however the rrd files will stay the same. This most likely is a setting within npcd that I can dig around and see about altering.
XML permission changes:
RRD permission changes:
XML permission changes:
Code: Select all
for XML in $(find /usr/local/nagios/share/perfdata/ -name '*.xml'); do
chmod 664 $XML
doneCode: Select all
for RRD in $(find /usr/local/nagios/share/perfdata/ -name '*.rrd'); do
chmod 774 $RRD
doneNagios-Plugins maintainer exclusively, unless you have other C language bugs with open-source nagios projects, then I am happy to help! Please pm or use other communication to alert me to issues as I no longer track the forum.