
Limited SSH User

Posted: Wed Nov 02, 2016 8:47 am
by Deantwo
I have an application that connects to the Nagios XI server using SSH and executes some scripts in /usr/local/nagiosxi/scripts/.
The network admin decided that the application should not use the root user anymore, and I can see why that would be a good idea.

Created a new user, named it "limitednagios", and added it to the "nagios" group.
But I am now having some permission issues when attempting to run the /usr/local/nagiosxi/scripts/reconfigure_nagios.sh script.
Command output:

Code:

[limitednagios@localhost scripts]$ cd /usr/local/nagiosxi/scripts/
[limitednagios@localhost scripts]$ ./reconfigure_nagios.sh
URL: http://localhost/nagiosxi/includes/components/ccm/
CMDLINE
/usr/bin/wget --save-cookies nagiosql.cookies --keep-session-cookies http://localhost/nagiosxi/includes/components/ccm/ --no-check-certificate --post-data 'submit=Login&hidelog=true&loginSubmitted=true&backend=1&username=nagiosxi&password=ufjb57' -O nagiosql.login--2016-11-02 14:20:53--  http://localhost/nagiosxi/includes/components/ccm/
Resolving localhost... ::1, 127.0.0.1
Connecting to localhost|::1|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: “nagiosql.login”

    [ <=>                                                                                                               ] 36,788      --.-K/s   in 0.03s

2016-11-02 14:20:53 (1.13 MB/s) - “nagiosql.login” saved [36788]

LOGIN SUCCESSFUL!
IMPORTING CONFIG FILES...URL: http://localhost/nagiosxi/includes/components/ccm/
Array
(
)
touch: cannot touch `/usr/local/nagiosxi/scripts/reconfigure_nagios.lock': Permission denied
[sudo] password for limitednagios:
Sorry, try again.
[sudo] password for limitednagios:
Sorry, try again.
[sudo] password for limitednagios:
Sorry, try again.
sudo: 3 incorrect password attempts
RESETTING CONFIG PERMS FAILED!\n
[limitednagios@localhost scripts]$ 

Are there any specific permissions I have to change for it to work?
Not all that familiar with how Linux users are managed. And I don't know which other permissions reconfigure_nagios.sh requires.
Any other things I need to be aware of?

NagiosXI version: 5.3.2

Code:

[limitednagios@localhost scripts]$ cd /usr/local/nagiosxi/scripts/
[limitednagios@localhost scripts]$ ll
total 768
-rwxr-x--- 1 nagios nagios   5672 Nov  2 14:16 backup_xi.sh
-rwxr-x--- 1 nagios nagios   1664 Nov  2 14:16 change_timezone.sh
-rw-r----- 1 nagios nagios   3031 Nov  2 14:16 contact_notification_handler.php
-rwxr-x--- 1 nagios nagios    604 Nov  2 14:16 export_nagiosql.sh
-rwxr-x--- 1 nagios nagios    265 Nov  2 14:16 handle_nagioscore_event.php
-rw-r----- 1 nagios nagios   3316 Nov  2 14:16 handle_nagioscore.inc.php
-rwxr-x--- 1 nagios nagios    266 Nov  2 14:16 handle_nagioscore_notification.php
-rwxr-x--- 1 nagios nagios    376 Nov  2 14:16 import_nagiosql.sh
-rwxr-x--- 1 nagios nagios    908 Nov  2 14:16 import_xiconfig.php
-rwxr-x--- 1 nagios nagios    100 Nov  2 14:16 kill_rrdtool.sh
-rwxr-x--- 1 nagios nagios   2303 Nov  2 14:16 manage_services.sh
-rwxrwxr-x 1 nagios nagios    161 Nov  2 14:20 nagiosql.cookies
-rwxrwxr-x 1 nagios nagios 271666 Nov  2 14:16 nagiosql_defaults.sql
-rwxrwxr-x 1 nagios nagios  39537 Sep  2 09:31 nagiosql.delete.contact
-rwxrwxr-x 1 nagios nagios    885 Nov  2 14:16 nagiosql_delete_contact.php
-rwxrwxr-x 1 nagios nagios  17440 Mar 14  2016 nagiosql.delete.host
-rwxrwxr-x 1 nagios nagios   1927 Nov  2 14:16 nagiosql_delete_host.php
-rwxrwxr-x 1 nagios nagios    446 Nov  2 14:16 nagiosql_delete_object.sh
-rwxrwxr-x 1 nagios nagios   2756 Nov  2 14:16 nagiosql_delete_service.php
-rwxrwxr-x 1 nagios nagios  41055 Sep  2 09:31 nagiosql.delete.timeperiod
-rwxrwxr-x 1 nagios nagios    886 Nov  2 14:16 nagiosql_delete_timeperiod.php
-rwxrwxr-x 1 nagios nagios   1272 Nov  2 14:16 nagiosql_exportall.php
-rwxrwxr-x 1 nagios nagios  22101 Nov  2 14:16 nagiosql.export.monitoring
-rwxrwxr-x 1 nagios nagios   1296 Nov  2 14:16 nagiosql_importall.php
-rwxrwxr-x 1 nagios nagios 133306 Nov  2 14:16 nagiosql.import.monitoring
-rwxrwxr-x 1 nagios nagios  36788 Nov  2 14:20 nagiosql.login
-rwxrwxr-x 1 nagios nagios   1681 Nov  2 14:16 nagiosql_login.php
-rwxrwxr-x 1 nagios nagios   2248 Nov  2 14:16 nagiosql_snapshot.sh
-rwxrwxr-x 1 nagios nagios    200 Nov  2 14:16 nagiosql_trim_backups.sh
-rw-r----- 1 nagios nagios    366 Nov  2 14:16 nagiosxi_dbtype.php
-rwxr-x--- 1 nagios nagios    441 Nov  2 14:16 nom_create_nagioscore_checkpoint_cond.sh
-rwxr-x--- 1 nagios nagios    980 Nov  2 14:16 nom_create_nagioscore_checkpoint.sh
-rwxr-x--- 1 nagios nagios    781 Nov  2 14:16 nom_create_nagioscore_errorpoint.sh
-rwxr-x--- 1 nagios nagios    722 Nov  2 14:16 nom_restore_nagioscore_checkpoint.sh
-rwxr-x--- 1 nagios nagios    764 Nov  2 14:16 nom_restore_nagioscore_checkpoint_specific.sh
-rwxr-x--- 1 nagios nagios   2900 Nov  2 14:16 nom_trim_nagioscore_checkpoints.sh
-rwxr-x--- 1 nagios nagios   4621 Nov  2 14:16 parse_core_eventlog.php
-rwxr-x--- 1 nagios nagios   6019 Nov  2 14:16 patch_ndoutils.php
-rw-r----- 1 nagios nagios      0 Mar 14  2016 printf
-rwxr-x--- 1 nagios nagios    544 Nov  2 14:16 reconfigure_nagios.sh
-rwxr-x--- 1 nagios nagios   1113 Nov  2 14:16 repair_databases.sh
-rwxr-x--- 1 nagios nagios   1501 Nov  2 14:16 repairmysql.sh
-rwsr-xr-x 1 root   nagios   1019 Nov  2 14:16 reset_config_perms.sh
-rwxr-x--- 1 nagios nagios   1538 Nov  2 14:16 reset_nagiosadmin_password.php
-rwxr-x--- 1 nagios nagios   1570 Nov  2 14:16 restart_nagios_with_export.sh
-rwxr-x--- 1 nagios nagios    767 Nov  2 14:16 restore_defaults.sh
-rwxr-x--- 1 nagios nagios   9031 Nov  2 14:16 restore_xi.sh
-rwxr-x--- 1 nagios nagios   1847 Nov  2 14:16 send_to_auditlog.php
-rw-r----- 1 nagios nagios   2702 Nov  2 14:16 uninstall_xi.sh
-rwxr-x--- 1 nagios nagios   1207 Nov  2 14:16 unlock_user_account.php
-rwxr-x--- 1 nagios nagios   2681 Nov  2 14:16 upgrade_to_latest.sh

Re: Limited SSH User

Posted: Wed Nov 02, 2016 9:44 am
by avandemore
The simplest solution would simply be to give the existing nagios user the ability to log in via ssh, so that what it's doing will run as intended.

This is on the fringe of what's covered in support, but I can give you a few pointers. Make sure your SSH daemon is set up correctly, e.g. SSH passwords and/or keys. It should accept both by default. The Unix/Linux user nagios doesn't come with a password set. SSH will not work for that account until it is done.

If you do this with a different user, you'll also need to match the nagios user's login ENV as well as any permissions.

Re: Limited SSH User

Posted: Thu Nov 03, 2016 2:19 am
by Deantwo
Is there a better way to do this then?
My network admin is not all that happy about changing permissions on the Nagios folders or such.

Can I call "Apply Configuration" from the API or something?
The only way I am aware of is manually running the reconfigure_nagios.sh script, and it sounds like you guys are really recommending that.

EDIT: I see there is some info on how to do this using the API on the help page (http://<NagiosServerIp>/nagiosxi/help/), I'll experiment with this a bit.

Re: Limited SSH User

Posted: Thu Nov 03, 2016 8:18 am
by Deantwo
I have gotten the API to work as I wanted, so I think I am good.
Simply http://<NagiosServerIp>/nagiosxi/api/v1/system/applyconfig?apikey=<ApiKey> works nicely.

Guess you can just close this thread.

Re: Limited SSH User

Posted: Thu Nov 03, 2016 8:58 am
by avandemore
Deantwo wrote:
Is there a better way to do this then?
My network admin is not all that happy about changing permissions on the Nagios folders or such.

Perhaps there is some breakdown in communication, changing permissions on the Nagios folders was never a suggestion.

Anyway, it sounds like you have resolved your issue. Can we lock this thread?

Re: Limited SSH User

Posted: Thu Nov 03, 2016 9:07 am
by Deantwo
avandemore wrote:
Deantwo wrote:
Is there a better way to do this then?
My network admin is not all that happy about changing permissions on the Nagios folders or such.
Perhaps there is some breakdown in communication, changing permissions on the Nagios folders was never a suggestion.

Yeah, I guess I really don't know much about how the permission system works on Linux.
I may have screwed something up attempting to run the reconfigure_nagios.sh script with the "limitednagios" user.
A few services are acting a little weird for a few minutes after each "Apply Configuration" I perform. I guess it is permission related, but don't know where or how to correct it.

Maybe you can tell me what the reset_config_perms.sh script does, since reconfigure_nagios.sh attempted to call it using sudo.
Should I run it once using root to make sure it is run once correctly or something?

Re: Limited SSH User

Posted: Thu Nov 03, 2016 9:17 am
by avandemore
The good news is you have the source, so you can see for yourself:

Code:

#!/bin/bash

# $Id$#

BASEDIR=$(dirname $(readlink -f $0))

# IMPORT ALL XI CFG VARS
. $BASEDIR/../var/xi-sys.cfg

# Fix permissions on config files
echo "RESETTING PERMS"

/bin/chown $nagiosuser.$nagiosgroup /usr/local/nagiosxi/scripts/nagiosql*
/bin/chmod 775 /usr/local/nagiosxi/scripts/nagiosql*
/bin/chown -R $apacheuser:$nagiosgroup /usr/local/nagios/etc/
/bin/chmod -R ug+rw /usr/local/nagios/etc/
/bin/chmod -R 775 /usr/local/nagios/share/perfdata/

/bin/chown -R $nagiosuser.$nagiosgroup /usr/local/nagios/share/perfdata
/bin/chmod 775 /usr/local/nagios/libexec

/bin/chown $nagiosuser:$nagiosgroup /usr/local/nagiosxi/nom/checkpoints/nagiosxi

if [ -f /usr/local/nagiosxi/var/corelog.newobjects ]; then
    /bin/chown $nagiosuser.$nagiosgroup /usr/local/nagiosxi/var/corelog.newobjects
fi

# Make sure ccm config file is writeable by apache
if [ -f /usr/local/nagiosxi/etc/components/ccm_config.inc.php ]; then
    /bin/chown $apacheuser.$nagiosgroup /usr/local/nagiosxi/etc/components/ccm_config.inc.php
fi

Yes, that needs to be run as root, sudo or otherwise.

Re: Limited SSH User

Posted: Thu Nov 03, 2016 9:27 am
by rkennedy
In addition to what @avandemore mentioned, to simplify down the script, it resets the permissions back to what they need to be on a few folders in the case that they were changed.

Re: Limited SSH User

Posted: Thu Nov 03, 2016 9:52 am
by Deantwo
Thanks you two!
I have run it as root once, hopefully that fixes the problem. If not I'll start a separate thread.

You can lock this.

Re: Limited SSH User

Posted: Thu Nov 03, 2016 10:01 am
by avandemore
Great, thanks for using the Nagios forums!