Page 2 of 2
Re: Reset config permissions failed
Posted: Tue Aug 30, 2016 4:11 pm
by ssax
Is this server using LDAP/AD for SSH/OS level authentication? Please post your
/etc/sudoers.
Also, to remove that
Another reconfigure process is still running, sleeping... message:
Code: Select all
rm -rf /usr/local/nagiosxi/scripts/reconfigure_nagios.lock
Then do the tail/apply again.
Thank you
Re: Reset config permissions failed
Posted: Wed Aug 31, 2016 8:36 am
Yes, this system is using LDAP for OS authentication. We are in a closed environment so I can't post sudoers without checking with our Security Officer first. We have rules; we can't share IP addresses, other network related attributes and of course anything confidential that could potentially compromise this system. If you feel you need sudoers to diagnose this issue, let me know and I can work it as this is important; can't apply any configuration changes.
(1) I removed the lock file and performed the following. (2) Delete, Write. (3) While tailing the cmdsubsys.log I Applied the configuration. (4) The attached screen shot displays some diagnostic information.
Thank you for your help. Kind Regards,
Bill Martin
Re: Reset config permissions failed
Posted: Wed Aug 31, 2016 12:28 pm
by lmiltchev
I suspect the "requiretty" option in sudoers is causing the problem for you. Can you show the output of the following command?
You should have:
Re: Reset config permissions failed
Posted: Wed Aug 31, 2016 2:33 pm
You are correct. Here is the grep output from /etc/sudoers on tty. I am asking my Sys Admin what can be done, as it is not obvious to me. Do you have a recommendation? Your help is greatly appreciated! Kind Regards, Bill Martin
#Defaults requiretty
Defaults:ccud !requiretty
Defaults:cmdbuser !requiretty
Defaults:db2inst1 !requiretty
Defaults:emadmin !requiretty
Defaults:sbauser !requiretty
Defaults:taddmuser !requiretty
# commands via sudo even without a real tty
#Defaults:tomcat !requiretty
#Defaults:apache !requiretty
# Refuse to run if unable to disable echo on the tty. This setting should also be
# changed in order to be able to use sudo without a tty. See requiretty above.
# Disable requiretty for TADDM discoveries.
Re: Reset config permissions failed
Posted: Wed Aug 31, 2016 3:52 pm
by ssax
You could add:
But here are all the other entries that need to be in there as well:
Code: Select all
User_Alias NAGIOSXI=nagios
User_Alias NAGIOSXIWEB=apache
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
NAGIOSXI ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/upgrade_to_latest.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/change_timezone.sh
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *
NAGIOSXI ALL = NOPASSWD:/usr/local/nagiosxi/scripts/reset_config_perms.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/messages
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/httpd/error_log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/tail -100 /var/log/mysqld.log
NAGIOSXIWEB ALL = NOPASSWD:/usr/bin/php /usr/local/nagiosxi/html/includes/components/autodiscovery/scripts/autodiscover_new.php *
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/html/includes/components/profile/getprofile.sh
NAGIOSXIWEB ALL = NOPASSWD:/etc/init.d/snmptt restart
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/repair_databases.sh
NAGIOSXIWEB ALL = NOPASSWD:/usr/local/nagiosxi/scripts/manage_services.sh *