Hi guys,
we are running Nagios XI 5.6.1 on RHEL 7.5 OS. From a previous topic we understand below are few of the sudo commands to be allowed for nagios user account. we are not sure whether these are valid commands, because we dont see nagios, ndo2db, npcd scripts under /etc/init.d directory.
Could you please confirm if there is an script that we need to run to get copy the startup scripts to /etc/init.d directory? If this is not the case could you please confirm the service restart commands that need to be allowed for nagios user account?
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status
Please let me know if you need more info. Thanks in advance for any responses.
Sudo permissions for Nagios user account
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Sudo permissions for Nagios user account
They are not required on RHEL 7 machines if there is no init script for the directive.
These are added for backwards compatibility because up until more recent releases installs used the old init system even on RHEL 7 installs.
These are added for backwards compatibility because up until more recent releases installs used the old init system even on RHEL 7 installs.
Re: Sudo permissions for Nagios user account
Thanks Scott. Could you please advise on equivalent commands we need to add to sudoers for nagios account to restart the services in RHEL 7?
Also when we tried to restart a service using nagios user, its prompting to enter the nagios user password. As this account is created by the nagios installation script, we don’t know the password. Could you please advise how to test if nagios account is having access to restart the nagios services?
[xx@sdysdf /usr/local/nagios]$ sudo su - nagios -s /bin/bash
xx`s password:
-bash-4.2$ id
uid=992(nagios) gid=988(nagios) groups=988(nagios),1470(nagcmd)
-bash-4.2$ sudo systemctl restart snmptt
nagios`s password:
Also when we tried to restart a service using nagios user, its prompting to enter the nagios user password. As this account is created by the nagios installation script, we don’t know the password. Could you please advise how to test if nagios account is having access to restart the nagios services?
[xx@sdysdf /usr/local/nagios]$ sudo su - nagios -s /bin/bash
xx`s password:
-bash-4.2$ id
uid=992(nagios) gid=988(nagios) groups=988(nagios),1470(nagcmd)
-bash-4.2$ sudo systemctl restart snmptt
nagios`s password:
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Sudo permissions for Nagios user account
These should all be handled through the /usr/local/nagiosxi/scripts/manage_services.sh script now which should be in your sudoers file such as
Code: Select all
/usr/local/nagiosxi/scripts/manage_services.sh restart nagiosRe: Sudo permissions for Nagios user account
Thanks Scott, yep script is added to sudoers and able to restart services using that script.
-
scottwilkerson
- DevOps Engineer
- Posts: 19396
- Joined: Tue Nov 15, 2011 3:11 pm
- Location: Nagios Enterprises
- Contact:
Re: Sudo permissions for Nagios user account
Great!kandatih wrote:Thanks Scott, yep script is added to sudoers and able to restart services using that script.
Locking thread