
NRPE plugin script run as nrpe but shell env is set to root

Posted: Thu Nov 08, 2012 4:39 am
by vrkid
Hi

I've encountered a problem with a NRPE plugin that I'm unable to explain (and thus resolve)...

I have an NRPE plugin (running on RHEL 5.5), written in house in BASH, that started failing in the last few days, and the following message started appearing on the Nagios monitor:

Code:

check lockfile CRITICAL    04-11-2012 04:53:22     3d 6h 07m 13s    4/4    ERROR: cannot execute check as user root. Permission denied

even though the plugin runs as user nrpe on the system

Code:

ps -ef | grep lockfile
nrpe     15593 15592  0 10:51 ?        00:00:00 /bin/bash /usr/lib64/nagios/plugins/check_lockfile

The command "pstree -cpaAul nrpe" gives the output:

Code:

nrpe,15211 -c /etc/nagios/nrpe.cfg -d

nrpe,15712 -c /etc/nagios/nrpe.cfg -d
  `-nrpe,15713 -c /etc/nagios/nrpe.cfg -d
      `-check_lockfile,15714 /usr/lib64/nagios/plugins/check_lockfile
          `-sleep,15715 30

I've added the line "export > /tmp/check_lockfile.txt" to the script for debug purposes and the file created by it is owned by user nrpe:

Code:

ls -lrt /tmp/check_lockfile_env.txt
-rw-r--r-- 1 nrpe nrpe 1022 Nov  7 10:51 /tmp/check_lockfile_env.txt

But the shell environment setup is actually for user root:

Code:

declare -x G_BROKEN_FILENAMES="1"
declare -x HISTSIZE="1000"
declare -x HOME="/root"
declare -x HOSTNAME="SRVXX.example.com"
declare -x INPUTRC="/etc/inputrc"
declare -x LANG="en_US.UTF-8"
declare -x LESSOPEN="|/usr/bin/lesspipe.sh %s"
declare -x LOGNAME="root"
declare -x LS_COLORS="no=00:fi=00:di=00;34:ln=00;36:pi=40;33:so=00;35:bd=40;33;01:cd=40;33;01:or=01;05;37;41:mi=01;05;37;41:ex=00;32:*.cmd=00;32:*.exe=00;32:*.com=00;32:*.btm=00;32:*.bat=00;32:*.sh=00;32:*.csh=00;32:*.tar=00;31:*.tgz=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.bz=00;31:*.tz=00;31:*.rpm=00;31:*.cpio=00;31:*.jpg=00;35:*.gif=00;35:*.bmp=00;35:*.xbm=00;35:*.xpm=00;35:*.png=00;35:*.tif=00;35:"
declare -x MAIL="/var/spool/mail/root"
declare -x OLDPWD
declare -x PATH="/sbin:/usr/sbin:/bin:/usr/bin"
declare -x PWD="/"
declare -x SHELL="/bin/bash"
declare -x SHLVL="5"
declare -x TERM="xterm"
declare -x USER="root"
declare -x _="/usr/lib64/nagios/plugins/check_lockfile"

The plugin shell script is (please don't comment on the quality of the script):

Code:

#!/bin/bash
# export bash environment into file for debug purposes
export >/tmp/check_lockfile_env.txt
# in order to have enough time to catch it in ps -ef and pstree put a very long sleep
sleep 30
if [ $USER != "nrpe" ]; then
        echo "ERROR: cannot execute check as user $USER. Permission denied"
        exit 2
fi
if [ -f /var/lock/lockfile ]; then
        # age of the lockfile in whole minutes, from its modification time
        tnow=$(date +%s)
        tfile=$(date +%s -r /var/lock/lockfile)
        agesecs=$(($tnow-$tfile))
        ageminutes=$(($agesecs/60))
        expires=60
        if [ $ageminutes -gt $expires ]; then
                echo "WARNING: lockfile found"
                exit 1
        else
                # lockfile exists but is not older than $expires minutes: report OK with output
                echo "OK: lockfile is $ageminutes minutes old"
                exit 0
        fi
else
        echo "OK: no lockfile found"
        exit 0
fi

How can this be?



TIA
Paolo

Re: NRPE plugin script run as nrpe but shell env is set to r

Posted: Thu Nov 08, 2012 3:47 pm
by agriffin
I'm not sure why the environment is set up correctly. Does it fix anything if you change line 6 to use the following comparison instead?

Code:

if [ $(whoami) != "nrpe" ]; then

That should read the actual effective user rather than just checking an environment variable.
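
The distinction discussed in this thread, as an added example that is not part of either post: `$USER` and `$LOGNAME` are ordinary environment variables inherited from whatever started the daemon, while `id` reports the identity the process actually runs under. The function names (`effective_user`, `env_identity_mismatch`, `require_user`) are hypothetical and the code is written to run under bash or a POSIX sh.

```bash
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical.

# Name of the effective UID as the kernel sees it; falls back to the
# numeric UID when the account has no passwd entry.
effective_user() {
    id -un 2>/dev/null || id -u
}

# Print each identity variable (USER, LOGNAME) whose value disagrees with
# the effective user. Empty output means the environment is consistent.
env_identity_mismatch() (
    eff=$(effective_user) || exit 3
    for name in USER LOGNAME; do
        eval "value=\${$name-}"      # name comes only from the fixed list above
        if [ -n "$value" ] && [ "$value" != "$eff" ]; then
            printf '%s=%s\n' "$name" "$value"
        fi
    done
)

# Plugin guard: succeed only when the effective user is $1.
# Returns 2 (Nagios CRITICAL) on mismatch, 3 (UNKNOWN) if id fails.
require_user() (
    expected=$1
    eff=$(effective_user) || { echo "UNKNOWN: cannot determine effective user"; exit 3; }
    if [ "$eff" != "$expected" ]; then
        echo "ERROR: cannot execute check as user $eff. Permission denied"
        exit 2
    fi
    # Right user, but flag a stale inherited environment on stderr so that
    # anything downstream relying on $USER or $HOME can be investigated.
    stale=$(env_identity_mismatch | tr '\n' ' ')
    [ -z "$stale" ] || echo "NOTE: inherited environment disagrees: $stale" >&2
    exit 0
)

# Usage inside a plugin such as check_lockfile:
#   require_user nrpe || exit $?
```

The guard fails closed: if the account name cannot be resolved, the numeric UID will not match the expected name and the check is refused.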