Bug in reporting permissions problems with config files - nagios 2.0b4

John P. Rouillard rouilj at cs.umb.edu
Thu Oct 6 23:00:54 CEST 2005


Hi all:

Looks like there is a minor bug with reporting problems with
permissions of config files.  When running it in the verify mode,
nagios doesn't attempt to change to the nagios
user/group. I.E. drop_privileges isn't called. So access occurs an
usual.

However when running as a daemon (normally), it calls drop_privileges
after the main config file is read, but not before the rest of the
config files are read.

  main()
      result=read_main_config_file(config_file);
      /* drop privileges */
      if(drop_privileges(nagios_user,nagios_group)==ERROR){
                                              [ user id is nagios now]
      ...
      /* read in all object config data */
     if(result==OK)
         result=read_all_object_data(config_file);

As a result the daemon fails with an error saying to run "nagios -v"
to verify the config files. However since nagios -v never drops
privs, it never sees the problem.

To replicate:

    change the permisions on one of the nagios cfg files so that the nagios
	user can't read it.

    run "nagios -v" as root all should be well.
    run "nagios" as root it will fail to start.

Possible fix: report a permissions problem on the file that failed to open.

				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.


-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl




More information about the Developers mailing list