[Bug 561633] New: [server:monitoring/nagios-plugins] needs to execute SuSEconfig permissions module
http://bugzilla.novell.com/show_bug.cgi?id=561633 http://bugzilla.novell.com/show_bug.cgi?id=561633#c0 Summary: [server:monitoring/nagios-plugins] needs to execute SuSEconfig permissions module Classification: openSUSE Product: openSUSE.org Version: unspecified Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: 3rd party software AssignedTo: schneemann@b1-systems.de ReportedBy: darin@darins.net QAContact: opensuse-communityscreening@forge.provo.novell.com Found By: --- Blocker: --- When the nagios-plugin package is installed/updated the SuSEconfig permission module should be executed as part of the post installation routines to set any file permissions an administrator is explicitly setting. Various plugins like check_dhcp and check_icmp need to be SETUID in order to properly execute and when the package is updated they are being reset which may cause the check_command to fail and may generate a lot of unnecessary notifications. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=561633
http://bugzilla.novell.com/show_bug.cgi?id=561633#c1
Christian Schneemann
http://bugzilla.novell.com/show_bug.cgi?id=561633
http://bugzilla.novell.com/show_bug.cgi?id=561633#c2
Darin Perusich
How did you change the file permission to these nagios plugins that should be reseted to your settings? Did you use chmod?
I modify the permissions of these files by using the SuSEconfig permissions module, which uses chkstat and chmod to set the permissions based on the security level imposed on the system from /etc/sysconfig/security. Below is how I'm setting the permissions for nagios-plugins. cat /etc/permissions.d/nagios-plugins /usr/lib/nagios/plugins/check_dhcp root:root 4755 /usr/lib/nagios/plugins/check_icmp root:root 4755
The best way to use these plugins would be the usage of sudo, here an excerpt from the README.SUSE file:
This is a matter of opinion and one which adds additional layers of complexity. This package already includes examples for using this method which are included with the package in %docdir/example/permissions.d so supporting it would seem compulsory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=561633
http://bugzilla.novell.com/show_bug.cgi?id=561633#c3
Darin Perusich
participants (1)
-
bugzilla_noreply@novell.com