Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Sudo permissions for Nagios user account

https://support.nagios.com/forum/viewtopic.php?t=53907

Page 1 of 1

Sudo permissions for Nagios user account

Posted: Thu May 16, 2019 6:45 pm
by kandatih
Hi guys,
we are running Nagios XI 5.6.1 on RHEL 7.5 OS. From a previous topic we understand below are few of the sudo commands to be allowed for nagios user account. we are not sure whether these are valid commands, because we dont see nagios, ndo2db, npcd scripts under /etc/init.d directory.

Could you please confirm if there is an script that we need to run to get copy the startup scripts to /etc/init.d directory? If this is not the case could you please confirm the service restart commands that need to be allowed for nagios user account?

NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/nagios checkconfig
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/ndo2db status
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd start
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd stop
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd restart
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd reload
NAGIOSXI ALL = NOPASSWD:/etc/init.d/npcd status

Please let me know if you need more info. Thanks in advance for any responses.

Re: Sudo permissions for Nagios user account

Posted: Fri May 17, 2019 8:44 am
by scottwilkerson
They are not required on RHEL 7 machines if there is no init script for the directive.

These are added for backwards compatibility because up until more recent releases installs used the old init system even on RHEL 7 installs.

Re: Sudo permissions for Nagios user account

Posted: Sun May 19, 2019 3:18 pm
by kandatih
Thanks Scott. Could you please advise on equivalent commands we need to add to sudoers for nagios account to restart the services in RHEL 7?

Also when we tried to restart a service using nagios user, its prompting to enter the nagios user password. As this account is created by the nagios installation script, we don’t know the password. Could you please advise how to test if nagios account is having access to restart the nagios services?

[xx@sdysdf /usr/local/nagios]$ sudo su - nagios -s /bin/bash
xx`s password:
-bash-4.2$ id
uid=992(nagios) gid=988(nagios) groups=988(nagios),1470(nagcmd)
-bash-4.2$ sudo systemctl restart snmptt
nagios`s password:

Re: Sudo permissions for Nagios user account

Posted: Mon May 20, 2019 7:10 am
by scottwilkerson
These should all be handled through the /usr/local/nagiosxi/scripts/manage_services.sh script now which should be in your sudoers file such as

Code: Select all

/usr/local/nagiosxi/scripts/manage_services.sh restart nagios

Re: Sudo permissions for Nagios user account

Posted: Mon May 20, 2019 1:46 pm
by kandatih
Thanks Scott, yep script is added to sudoers and able to restart services using that script.

Re: Sudo permissions for Nagios user account

Posted: Mon May 20, 2019 4:11 pm
by scottwilkerson
kandatih wrote:Thanks Scott, yep script is added to sudoers and able to restart services using that script.
Great!

Locking thread
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited