Re: [Nagios-devel] Bug in reporting permissions problems with config files - nagios 2.0b4
Posted: Tue Nov 08, 2005 3:06 pm
Thanks - A patch will be in CVS shortly that will force Nagios to
drop privs before running a config verification or scheduling
information test.
On 6 Oct 2005 at 17:00, John P. Rouillard wrote:
>
> Hi all:
>
> Looks like there is a minor bug with reporting problems with
> permissions of config files. When running it in the verify mode,
> nagios doesn't attempt to change to the nagios
> user/group. I.E. drop_privileges isn't called. So access occurs an
> usual.
>
> However when running as a daemon (normally), it calls drop_privileges
> after the main config file is read, but not before the rest of the
> config files are read.
>
> main()
> result=read_main_config_file(config_file);
> /* drop privileges */
> if(drop_privileges(nagios_user,nagios_group)==ERROR){
> [ user id is nagios now]
> ...
> /* read in all object config data */
> if(result==OK)
> result=read_all_object_data(config_file);
>
> As a result the daemon fails with an error saying to run "nagios -v"
> to verify the config files. However since nagios -v never drops
> privs, it never sees the problem.
>
> To replicate:
>
> change the permisions on one of the nagios cfg files so that the nagios
> user can't read it.
>
> run "nagios -v" as root all should be well.
> run "nagios" as root it will fail to start.
>
> Possible fix: report a permissions problem on the file that failed to open.
>
> -- rouilj
> John Rouillard
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Nagios-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/lis ... gios-devel
>
>
Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
drop privs before running a config verification or scheduling
information test.
On 6 Oct 2005 at 17:00, John P. Rouillard wrote:
>
> Hi all:
>
> Looks like there is a minor bug with reporting problems with
> permissions of config files. When running it in the verify mode,
> nagios doesn't attempt to change to the nagios
> user/group. I.E. drop_privileges isn't called. So access occurs an
> usual.
>
> However when running as a daemon (normally), it calls drop_privileges
> after the main config file is read, but not before the rest of the
> config files are read.
>
> main()
> result=read_main_config_file(config_file);
> /* drop privileges */
> if(drop_privileges(nagios_user,nagios_group)==ERROR){
> [ user id is nagios now]
> ...
> /* read in all object config data */
> if(result==OK)
> result=read_all_object_data(config_file);
>
> As a result the daemon fails with an error saying to run "nagios -v"
> to verify the config files. However since nagios -v never drops
> privs, it never sees the problem.
>
> To replicate:
>
> change the permisions on one of the nagios cfg files so that the nagios
> user can't read it.
>
> run "nagios -v" as root all should be well.
> run "nagios" as root it will fail to start.
>
> Possible fix: report a permissions problem on the file that failed to open.
>
> -- rouilj
> John Rouillard
> ===========================================================================
> My employers don't acknowledge my existence much less my opinions.
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by:
> Power Architecture Resource Center: Free content, downloads, discussions,
> and more. http://solutions.newsforge.com/ibmarch.tmpl
> _______________________________________________
> Nagios-devel mailing list
> [email protected]
> https://lists.sourceforge.net/lists/lis ... gios-devel
>
>
Ethan Galstad,
Nagios Developer
---
Email: [email protected]
Website: http://www.nagios.org
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]