coredumps

[Larry Low]

> -----Original Message-----
> From: nagios-devel-bounces at lists.sourceforge.net [mailto:nagios-devel-
> bounces at lists.sourceforge.net] On Behalf Of Andrew Ivanov
> Sent: Wednesday, December 05, 2007 6:32 AM
> To: 'Nagios Developers List'
> Subject: Re: [Nagios-devel] coredumps
> 
> Andreas Ericsson wrote:
> > >
> > > Can it be that many Nagios community people have to set $HOME to
> > > ~nagios because of no homedir determination?
> > >
> > > $HOME points to ~root unless explicitly set, and surely nagios
> can't
> write
> > > there.
> >
> > The point is that when run as root, nagios really shouldn't dump
> core,
> > and especially not if it has read anything in /etc, since the
> coredump
> > can then contain snippets of files best kept for the eyes of root
> only.
> >
> > > And.. I was confused with the fact that '$HOME' is not nagios's
> home.
> > >
> >
> > You don't have to start nagios as root. You can do
> >
> > 	su - nagios -c "nagios -f nagios.cfg"
> >
> > in your startup script.
> 
> I think it's a mistake. Nagios drops privileges if ran by root.
> And there is invocation line from the source example daemon-init
> script:
> 
> $NagiosBin -d $NagiosCfgFile
> 
> there is no 'su' at all. 'su -' is used also, but only in pre-cmd
> phase:
> 
> su - $NagiosUser -c "touch $NagiosVarDir/nagios.log
> $NagiosRetentionFile"

Unrelated to this conversation but this should really be:

touch $NagiosVarDir/nagios.log $NagiosRetentionFile
chown $NagiosUser:$NagiosGroup $NagiosVarDir/nagios.log $NagiosRetentionFile

Otherwise the nagios user needs a shell other than /sbin/nologin

> 
> I use similar script and can see that all Nagios processes are owned by
> user
> nagios,
> but HOME=/root (as expected)!
> 
> >
> > > I just wanted to make things a little easier to configure.
> > >
> >
> > In that case, make it a config variable in nagios.cfg. Something
> along
> > the lines of "runtime_directory" or something should work ok, and
> make
> > nagios bail if it can't change to that directory when daemonizing. It
> > doesn't change directory at all unless it goes into daemon mode.
> 
> It will be so strange to have one more variable for cores.
> There is code from base/util.c:
> 
>         /* change working directory. scuttle home if we're dumping core
> */
>         homedir=getenv("HOME");
>         if(daemon_dumps_core==TRUE && homedir!=NULL)
>                 chdir(homedir);
>         else
>                 chdir("/");
> 
> Keeping in mind example above (HOME==/root), one might conclude that
> code
> is inconsistent, and will never work without manual intervention.
> 
> >
> > --
> > Andreas Ericsson                   andreas.ericsson at op5.se
> > OP5 AB                             www.op5.se
> > Tel: +46 8-230225                  Fax: +46 8-230231
> 
> With best regards,
> Andrew.
> 
> 
> -----------------------------------------------------------------------
> --
> SF.Net email is sponsored by: The Future of Linux Business White Paper
> from Novell.  From the desktop to the data center, Linux is going
> mainstream.  Let it simplify your IT future.
> http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel


-------------------------------------------------------------------------
SF.Net email is sponsored by: The Future of Linux Business White Paper
from Novell.  From the desktop to the data center, Linux is going
mainstream.  Let it simplify your IT future.
http://altfarm.mediaplex.com/ad/ck/8857-50307-18918-4