[PATCH 1/2] nagios: Check execution permission on nagios_binary_path only after drop_privileges

Ricardo Jose Maraschini ricardo.maraschini at opservices.com.br
Thu Nov 29 17:49:21 CET 2012


From: Ricardo Maraschini <ricardo.maraschini at opservices.com.br>

Moved check for execution permission on nagios binary to after
drop daemon's privileges once workers only start to run as
configurated nagios user, while nagios itself may start as root.

Signed-off-by: Ricardo Maraschini <ricardo.maraschini at opservices.com.br>

---
 base/nagios.c |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/base/nagios.c b/base/nagios.c
index a5603bc..bbc5a2f 100644
--- a/base/nagios.c
+++ b/base/nagios.c
@@ -435,17 +435,10 @@ int main(int argc, char **argv, char **env) {
 		 * it absolute so we can launch our workers.
 		 * If not, we needn't bother, as we're using execvp()
 		 */
-		if (strchr(argv[0], '/')) {
+		if (strchr(argv[0], '/'))
 			nagios_binary_path = nspath_absolute(argv[0], NULL);
-			if (access(nagios_binary_path, X_OK) < 0) {
-				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
-				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
-				exit(EXIT_FAILURE);
-				}
-			}
-		else {
+		else
 			nagios_binary_path = strdup(argv[0]);
-		}
 
 		nagios_iobs = iobroker_create();
 
@@ -481,6 +474,16 @@ int main(int argc, char **argv, char **env) {
 				exit(EXIT_FAILURE);
 				}
 
+			/*
+			 * in order to spawn workers, we need to have
+			 * exec permission as nagios_user on
+			 * nagios_binary_path file.
+			 */
+			if (access(nagios_binary_path, X_OK) < 0) {
+				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: failed to access() %s: %s\n", nagios_binary_path, strerror(errno));
+				logit(NSLOG_RUNTIME_ERROR, TRUE, "Error: Spawning workers will be impossible. Aborting.\n");
+				exit(EXIT_FAILURE);
+			}
 #ifdef USE_EVENT_BROKER
 			/* initialize modules */
 			neb_init_modules();
-- 
1.7.4.1



------------------------------------------------------------------------------
Keep yourself connected to Go Parallel: 
VERIFY Test and improve your parallel project with help from experts 
and peers. http://goparallel.sourceforge.net




More information about the Developers mailing list