Page 1 of 1
permission /etc/resources.cfg reset by Apply Configuration.
Posted: Tue Oct 26, 2021 11:21 am
by mon-team
Hello,
i need the configuration file /usr/local/nagios/etc/resources.cfg to have limited permission, like this:
-rw------- 1 apache nagios resource.cfg
After every Apply configuration i see that permissions changes and in particular is granted readability to everybody:
-rw-rw---- 1 apache nagios resource.cfg
How can i configure Nagios XI in order to mantain permission 600 ?
From the Nagios Core documentation is reported that the permission can be set to always be 600 or 660, but i've found the way to set this specific configuration.
Could you kindly help me?
Regards
Francesco
Re: permission /etc/resources.cfg reset by Apply Configurati
Posted: Wed Oct 27, 2021 9:40 am
by pbroste
Hello
@mon-team
Thanks for reaching out, and after verifying with my test environment we need to set the owner to 'nagios'.
Code: Select all
chown nagios:nagios /usr/local/nagios/etc/resources.cfg
And
Code: Select all
chmod 600 /usr/local/nagios/etc/resources.cfg
Please let us know how things look,
Perry
Re: permission /etc/resources.cfg reset by Apply Configurati
Posted: Wed Oct 27, 2021 11:03 am
by mon-team
Hello Perry,
on my environment is still not working as expected.
$ chown nagios:nagios resource.cfg
$ chmod 600 resource.cfg
permissions are ok:
-rw------- 1 nagios nagios 3263 Oct 26 16:10 resource.cfg
After an Apply configuration i find this:
-rw-rw-r-- 1 apache nagios 3263 Oct 26 16:10 resource.cfg
with readability granted to everybody.
Regards
Francesco
Re: permission /etc/resources.cfg reset by Apply Configurati
Posted: Wed Oct 27, 2021 4:14 pm
by pbroste
Hello
@mon-team
Thanks for following up; looking into permissions, we see that but would expect 0600 to run into trouble when using configuration wizards/CCM/objects API. The apache user will try to write to the /usr/local/nagios/etc/ directory for each situation (apache should be in the nagios group). However, 0660/0770 should work if they want to lock things down a bit more.
There is a '/usr/local/nagiosxi/scripts/reset_config_perms.sh' script that verifies perms. If you want to edit the config you would want to make adjustments to the following:
.........................
echo "> Setting configuration file/directory permissions"
/bin/chown -R $apacheuser:$nagiosgroup /usr/local/nagios/etc/
/bin/chmod -R 775 /usr/local/nagios/etc/
/bin/chmod ug-s /usr/local/nagios/etc/
........................
Thanks,
Perry
Re: permission /etc/resources.cfg reset by Apply Configurati
Posted: Tue Nov 02, 2021 4:42 am
by mon-team
Thanks for the reply,
no one worksbut i've added at the bottom of /usr/local/nagiosxi/scripts/reset_config_perms.sh this line:
/bin/chmod -R 660 /usr/local/nagios/etc/resource.cfg
permission now is the one i'm expecting and the Apply configuration works.
Thanks
Francesco
Re: permission /etc/resources.cfg reset by Apply Configurati
Posted: Tue Nov 02, 2021 2:37 pm
by pbroste
Hello
@mon-team
Thanks for following up and letting us know that the adjustments to the script worked.
I will go ahead and lock, please let us know if there is anything further that you need,
Perry