Page 1 of 2
The famous rw permission problem
Posted: Fri Jul 22, 2016 5:36 am
by amprantino
I just upgraded to nagios v4 and I face the well-know issue with the nagios.cmd problem.
Code: Select all
# /etc/init.d/nagios start
Starting nagios:/bin/chmod: cannot access β€/var/log/nagios/rw/nagios.cmd’: No such file or directory
done.
I save mine to /var/log/nagios/rw/nagios.cmd.
Is this value taken from nagios.cfg, and
command_file=/var/log/nagios/rw/nagios.cmd ??
Because even if I change the path to
command_file=/usr/local/nagios/var/rw/nagios.cmd , nothing changes.
Is this option ignored in v4?
As I am using Debian, I apply the following permissions:
mkdir /var/log/nagios/rw
chown nagios.www-data /var/log/nagios/rw
chmod u+rwx /var/log/nagios/rw
chmod g+rwx /var/log/nagios/rw
chmod g+s /var/log/nagios/rw
Any idea why these fail?
Re: The famous rw permission problem
Posted: Fri Jul 22, 2016 12:10 pm
by tgriep
Did you change both the init script /etc/init.d/nagios and the nagios.cfg file to the new folder?
Try that and let us know if it works for you.
If not, post the OS and version you are running and also the output of the following.
Code: Select all
chage -l nagios
grep nag /etc/passwd
grep nag /etc/group
Re: The famous rw permission problem
Posted: Mon Jul 25, 2016 6:24 am
by amprantino
/etc/init.d/nagios
NagiosCommandFile=/var/log/nagios/rw/nagios.cmd
nagios.cfg
command_file=/var/log/nagios/rw/nagios.cmd
Both files point to the same nagios.cmd file
# chage -l nagios
Last password change : Oct 30, 2012
Password expires : never
Password inactive : never
Account expires : never
Minimum number of days between password change : 0
Maximum number of days between password change : 99999
Number of days of warning before password expires : 7
# grep nag /etc/passwd
list
38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
nagios
1001
,,,:/usr/bin/:/bin/bash
systemd-network
108:114:systemd Network Management,,,:/run/systemd/netif:/bin/false
# grep nag /etc/group
nagios
1001:smsd
# uname -a
Linux NAME 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt20-1+deb8u3 (2016-01-17) x86_64 GNU/Linux
# cat /etc/debian_version
8.5
When I compiled, I got this output during configure:
.....
Command user/group: www-data,nagios
....
and then:
# make install-commandmode
/usr/bin/install -c -m 775 -o www-data -g nagios -d /var/log/nagios/rw
chmod g+s /var/log/nagios/rw
Re: The famous rw permission problem
Posted: Mon Jul 25, 2016 1:43 pm
by tgriep
The nagios group looks like it is missing some of the users from the list and that could be the issue.
Edit the /etc/group file and change this line from
to
Code: Select all
nagios:x:1001:nagios,www-data,smsd
Save the file and let us know if this works for you.
Re: The famous rw permission problem
Posted: Tue Jul 26, 2016 3:21 am
by amprantino
I did the changes to the /etc/group.
The problem are the permissions of the "/var/log/nagios" directory.
If permissions are less than 775, nagios fail to access nagios.cmd
After playing around with permissions I think I should stick to these:
/var/log# ll -d nagios/
drwxrwxr-x 6 nagios nagios 4.0K Jul 26 11:19 nagios/
/var/log/nagios# ll -d rw
drwxrwsr-x 2 nagios nagios 4.0K Jul 26 11:17 rw
/var/log/nagios/rw# ll
total 8.0K
drwxrwsr-x 2 nagios nagios 4.0K Jul 26 11:17 .
drwxrwxr-x 6 nagios nagios 4.0K Jul 26 11:19 ..
prw-rw---- 1 nagios nagios 0 Jul 26 11:17 nagios.cmd
srw-rw---- 1 nagios nagios 0 Jul 26 11:17 nagios.qh
Are the above correct, of group should be www-data ?
Re: The famous rw permission problem
Posted: Tue Jul 26, 2016 10:20 am
by tgriep
The permissions look good for those folders.
As long as the www-data is part of the nagios group, it should work for you.
Re: The famous rw permission problem
Posted: Tue Jul 26, 2016 12:46 pm
by amprantino
When I compile nagios from source, which are the correct parameters for:
--with-command-user=www-data \
--with-command-grp=www-data \
This should match the nagios user or the apache user or ... ?
Based on these parameters, should I apply the permissions to "/var/log/nagios/rw"?
Re: The famous rw permission problem
Posted: Wed Jul 27, 2016 9:34 am
by tgriep
To keep everything consistent, I would use the following
Code: Select all
--with-command-user=nagios \
--with-command-grp=nagios \
Then all you would have to do is make sure the nagios group has permissions for that folder and that the www-data is part of the nagios group.
Re: The famous rw permission problem
Posted: Thu Jul 28, 2016 2:09 am
by amprantino
To sum up:
Compile with options
--with-command-user=nagios \
--with-command-grp=nagios \
Apply permissions
/usr/bin/install -c -m 775 -o nagios -g nagios -d /var/log/nagios/rw
chmod g+s /var/log/nagios/rw
nagios group permissions
nagios
1001:nagios,www-data,smsd
Thank you all
Re: The famous rw permission problem
Posted: Thu Jul 28, 2016 11:17 am
by tgriep
Shall we mark this post as solved and lock it up?
38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
,,,:/usr/bin/:/bin/bash