[Nagios-devel] Bug in reporting permissions problems with config files - nagios 2.0b4
Posted: Thu Oct 06, 2005 1:01 pm
Hi all:
Looks like there is a minor bug with reporting problems with
permissions of config files. When running it in the verify mode,
nagios doesn't attempt to change to the nagios
user/group, i.e. drop_privileges isn't called. So access occurs as
usual.
However when running as a daemon (normally), it calls drop_privileges
after the main config file is read, but not before the rest of the
config files are read.
main()
    result=read_main_config_file(config_file);
    /* drop privileges */
    if(drop_privileges(nagios_user,nagios_group)==ERROR){
    [ user id is nagios now]
    ...
    /* read in all object config data */
    if(result==OK)
        result=read_all_object_data(config_file);
As a result the daemon fails with an error saying to run "nagios -v"
to verify the config files. However since nagios -v never drops
privs, it never sees the problem.
To replicate:
  change the permissions on one of the nagios cfg files so that the nagios
  user can't read it.
  run "nagios -v" as root; all should be well.
  run "nagios" as root; it will fail to start.
Possible fix: report a permissions problem on the file that failed to open.
-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
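
The gap described in the post, where verify mode runs as root and so never sees what the unprivileged daemon will see, can be closed by predicting readability for the target user from the file's mode bits. The following is an added example, not Nagios code and not from the original poster; the function name cfg_readable_by and the command-line wrapper are hypothetical, and it assumes plain owner/group/other permissions with numeric ids.

```c
/* Added example, not Nagios source: predict whether a config file will be
 * readable once the daemon has dropped to the configured user/group. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Returns 1 if uid/gid may read path, 0 if not, -1 if stat() fails.
 * Assumption: classic owner/group/other mode bits only; supplementary
 * groups, ACLs and search permission on parent directories are ignored. */
int cfg_readable_by(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;

    if (stat(path, &st) != 0)
        return -1;
    if (uid == 0)                       /* root bypasses mode bits */
        return 1;
    /* POSIX picks exactly one class: owner, else group, else other. */
    if (st.st_uid == uid)
        return (st.st_mode & S_IRUSR) ? 1 : 0;
    if (st.st_gid == gid)
        return (st.st_mode & S_IRGRP) ? 1 : 0;
    return (st.st_mode & S_IROTH) ? 1 : 0;
}

/* Usage: ./cfgcheck <uid> <gid> <file>...   (hypothetical wrapper) */
int main(int argc, char **argv)
{
    int i, bad = 0;

    if (argc < 4) {
        fprintf(stderr, "usage: %s uid gid file...\n", argv[0]);
        return 2;
    }
    uid_t uid = (uid_t)strtoul(argv[1], NULL, 10);
    gid_t gid = (gid_t)strtoul(argv[2], NULL, 10);
    for (i = 3; i < argc; i++) {
        int r = cfg_readable_by(argv[i], uid, gid);
        if (r < 0)
            fprintf(stderr, "Error: cannot stat '%s': %s\n", argv[i], strerror(errno));
        else if (r == 0)
            fprintf(stderr, "Error: '%s' is not readable by uid %lu\n", argv[i], (unsigned long)uid);
        bad += (r != 1);
    }
    return bad ? 1 : 0;
}
```

Because the check reads mode bits instead of attempting an open, it gives the same answer whether it is run as root or as the unprivileged user, and it names the file that would fail.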