Bug ID 1003362
Summary server:monitoring/nagios: Bug
Classification openSUSE
Product openSUSE.org
Version unspecified
Hardware x86-64
OS openSUSE 42.1
Status NEW
Severity Normal
Priority P5 - None
Component 3rd party software
Assignee lars.vogdt@suse.com
Reporter ian.mcconnell@denbridgemarine.com
QA Contact opensuse-communityscreening@forge.provo.novell.com
CC nix@opensuse.org
Found By ---
Blocker ---

Created attachment 696185 [details]
Fix permissions on command files.

nagios creates the following files with the wrong permissions:
# ls -l /var/spool/nagios/
srw-rw---- 1 nagios nagios 0 Oct  6 13:47 live
prw-rw---- 1 nagios nagios 0 Oct  6 13:47 nagios.cmd

For nagvis to access them, they need to be in group "nagcmd"
srw-rw---- 1 nagios nagcmd 0 Oct  6 13:47 live
prw-rw---- 1 nagios nagcmd 0 Oct  6 13:47 nagios.cmd

Since "nagios.cmd" is a named pipe, the permission can be changed once to
correct it, but "live" needs changing each time "nagios" is run.

The following lines in /etc/nagios/nagios.cfg set these files:
command_file=/var/spool/nagios/nagios.cmd
broker_module=/usr/lib/check_mk/livestatus-nagios4.o /var/spool/nagios/live

I noticed that the file "/usr/lib/nagios/nagios-exec-start-pre"
tried to set these permissions by setting the variable nagios_cmdgrp.

nagios_cmdgrp="$(get_var nagios_cmdgrp)"

but nagois_cmdgrp isn't in /etc/nagios/nagios.cfg. It can't be
added as nagios complains about an unknown definition and won't start.

Also the line
: ${nagios_cmdgrp:-nagcmd}

doesn't seem to work for me when /bin/sh is linked to bash
/bin/sh --version
GNU bash, version 4.2.47(1)-release (x86_64-suse-linux-gnu)


nagios_cmdgrp=""
echo $nagios_cmdgrp 

: ${nagios_cmdgrp:-nagcmd}
echo $nagios_cmdgrp 

: ${nagios_cmdgrp:=nagcmd}
echo $nagios_cmdgrp 
nagcmd
nagios_cmdgrp="xxxx"
: ${nagios_cmdgrp:=nagcmd}
echo $nagios_cmdgrp 
xxxx

Unfortunately changing
: ${nagios_cmdgrp:-nagcmd}
to
: ${nagios_cmdgrp:=nagcmd}
doesn't fix the permissions on the command files
# ls -l /var/spool/nagios/
srw-rw---- 1 nagios nagios 0 Oct  6 14:16 live
prw-rw---- 1 nagios nagios 0 Oct  6 14:16 nagios.cmd

as these are created after the process "nagios" starts.

A workaround is to add the line
ExecStartPost=/usr/lib/nagios/nagios-exec-start-post
to nagios.service. I have attached the nagios-exec-start-post script.

This works with
# systemctl start nagios.service 
# systemctl restart nagios.service

but for
# systemctl reload nagios.service
I get the wrong permissions:
# ls -l /var/spool/nagios/
srw-rw---- 1 nagios nagios 0 Oct  6 14:23 live
prw-rw---- 1 nagios nagcmd 0 Oct  6 14:16 nagios.cmd


These are the nagios packages I installed:
nagios-4.2.1-1.1.x86_64
nagios-www-4.2.1-1.1.x86_64
nagios-www-dch-4.2.1-1.1.x86_64
pnp4nagios-0.6.25-6.24.x86_64
pnp4nagios-nagios-0.6.25-6.24.x86_64
nagvis-1.8.5-3.1.noarch
mk-livestatus-1.2.8p11-3.2.x86_64


You are receiving this mail because: