Page 1 of 1
Executing service check as postgres user vs root
Posted: Tue Aug 21, 2018 4:46 pm
by awilson
Hi. We have a few filesystem checks where the mount point is owned by the postgres user. It appears that the service checks that use sudo only sudo to root and don't have options to sudo to specified users. Have I misunderstood how those checks work?
The nagios user receives access permission errors. The business owners are not inclined to change the filesystem permissions.
Thanks!
Re: Executing service check as postgres user vs root
Posted: Wed Aug 22, 2018 10:25 am
by lmiltchev
We were able to come up with a "workaround" in our test environment, but your mileage may vary. I hope the example below can at least point you to the right direction.
On the remote system, we set up a mountpoint, owned by postgres:
Code: Select all
df -h
Filesystem Size Used Avail Use% Mounted on
/dev/mapper/vg_nagiosxi-lv_root
37G 9.0G 27G 26% /
tmpfs 3.9G 0 3.9G 0% /dev/shm
/dev/sda1 477M 126M 327M 28% /boot
tmpfs 512M 0 512M 0% /root/postgresdirnew
ls -lad /root/postgresdirnew
drwxrwxrwt. 2 postgres postgres 40 Aug 22 09:43 /root/postgresdirnew
We set up a wrapper script, named check_postgrespartion.sh, placed it in the plugins directory and made it executable:
Code: Select all
#!/bin/bash
(su postgres; /usr/local/nagios/libexec/check_disk $@)
We set up a NRPE command in the /usr/local/nagios/etc/nrpe/common.cfg file:
Code: Select all
command[check_disk_postgres]=sudo /usr/local/nagios/libexec/check_postgrespartion.sh $ARG1$
added the following line to the sudoers:
Code: Select all
nagios ALL=NOPASSWD: /usr/local/nagios/libexec/check_postgrespartion.sh *
and restarted NRPE:
Next, we tested it by running the following command from the CLI on the Nagios XI server:
Code: Select all
/usr/local/nagios/libexec/check_nrpe -H x.x.x.x -c check_disk_postgres -a '-w 10% -c 5% -p /root/postgresdirnew'
DISK OK - free space: /root/postgresdirnew 512 MB (100.00% inode=100%);| /root/postgresdirnew=0MB;460;486;0;512
Hope this helps.
Re: Executing service check as postgres user vs root
Posted: Wed Aug 22, 2018 2:53 pm
by awilson
Thanks. I'll test this and reply.
Thanks for working on it.
Re: Executing service check as postgres user vs root
Posted: Wed Aug 22, 2018 3:02 pm
by lmiltchev
Sure - let us know how it went. We will keep this topic open for the time being.
Re: Executing service check as postgres user vs root
Posted: Wed Aug 29, 2018 2:55 pm
by awilson
Hi. I'm just getting back to this. Before getting your reply I asked the server team to do the following:
Code: Select all
1. On the REMOTE server Please copy /usr/local/nagios/libexec/check_disk to /usr/local/nagios/libexec/check_disk_pgsql
2. Add the nagios user to the REMOTE server's sudoers file with "nagios ALL = NOPASSWD:/usr/local/nagios/libexec/check_disk_pgsql
3. Please close the task to indicate that the task is completed
Then the Nagios team will alter the service check parameter so that $ARG1$ references the new check_disk_pgsql copy that is referenced in the sudoers file.
They did what I asked. Is this salvageable, or should I start over with the wrapper script?
Thanks!
Re: Executing service check as postgres user vs root
Posted: Wed Aug 29, 2018 3:24 pm
by lmiltchev
This should work.
Are you going to be running the check locally (on the remote machine), then sending passive check results to the Nagios XI server or you are planning on using active checks, e.g. check_nrpe?
Re: Executing service check as postgres user vs root
Posted: Thu Sep 13, 2018 5:45 pm
by awilson
It will be using active checks.
It is ok to close this. Thanks.
Re: Executing service check as postgres user vs root
Posted: Fri Sep 14, 2018 8:43 am
by lmiltchev
Sounds good! I am closing this topic.