[naemon-users] thruk failed to connect - Permission denied. (/var/cache/naemon/live)
Burke, Andrew
Andrew.Burke at fisglobal.com
Thu Jan 26 10:21:19 CET 2017
Hi all.
I upgraded my CentOS box, thruk and naemon to the latest version a couple of days ago. Below is my version info.
[root@myhost ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@myhost ~]# rpm -qa | grep 'thruk\|naemon'
thruk-plugin-reporting-2.12-3.x86_64
naemon-devel-1.0.6-1.el7.centos.x86_64
libnaemon-1.0.6-1.el7.centos.x86_64
naemon-tools-1.0.6-1.el7.centos.x86_64
libthruk-2.10-1.el7.centos.x86_64
naemon-thruk-1.0.6-1.el7.centos.x86_64
naemon-core-1.0.6-1.el7.centos.x86_64
thruk-base-2.12-3.x86_64
naemon-1.0.6-1.el7.centos.x86_64
naemon-debuginfo-1.0.3-1.el7.centos.x86_64
naemon-core-dbg-1.0.6-1.el7.centos.x86_64
naemon-livestatus-1.0.6-1.el7.centos.x86_64
thruk-2.12-3.x86_64
I thought everything had gone well but noticed an issue after a restart yesterday. The thruk ui tells me there is no backend available and the thruk log has entries confirming this.
[root@myhost ~]# tail /var/log/thruk/thruk.log
[2017/01/25 12:18:22][myhost][ERROR][Thruk] No Backend available
[2017/01/25 12:18:22][myhost][ERROR][Thruk] on page: http://myhost.example.com/thruk/cgi-bin/status.cgi?host=all&_=1485346700788
[2017/01/25 12:18:22][myhost][ERROR][Thruk] Naemon: ERROR: failed to connect - Permission denied. (/var/cache/naemon/live)
There is a naemon user and group, and they own the Naemon process and files. Thruk runs with the apache user, and this user was added to the naemon group.
[root@myhost ~]# ps aux | grep '[t]hruk\|[h]ttpd\|[n]aemon'
naemon 1134 0.0 0.0 303956 868 ? S 10:11 0:00 /usr/local/pnp4nagios/bin/npcd -d -f /usr/local/pnp4nagios/etc/npcd.cfg
naemon 8601 0.3 0.4 157116 8316 ? Ss 12:07 0:06 /usr/bin/naemon --daemon /etc/naemon/naemon.cfg
naemon 8602 0.0 0.0 17628 1280 ? S 12:07 0:00 /usr/bin/naemon --worker /var/lib/naemon/naemon.qh
naemon 8603 0.0 0.0 17628 1288 ? S 12:07 0:00 /usr/bin/naemon --worker /var/lib/naemon/naemon.qh
naemon 8604 0.0 0.0 17628 1280 ? S 12:07 0:00 /usr/bin/naemon --worker /var/lib/naemon/naemon.qh
naemon 8605 0.0 0.0 17628 1280 ? S 12:07 0:00 /usr/bin/naemon --worker /var/lib/naemon/naemon.qh
naemon 8606 0.0 0.2 91512 5400 ? S 12:07 0:00 /usr/bin/naemon --daemon /etc/naemon/naemon.cfg
root 8808 0.0 0.8 349364 16100 ? Ss 12:07 0:00 /usr/sbin/httpd -DFOREGROUND
root 8818 0.0 1.3 126612 24824 ? S 12:07 0:00 perl -x /usr/share/thruk/thruk_auth
apache 8820 0.0 0.2 299556 4292 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND
apache 8821 0.0 0.4 349676 7972 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND
apache 8822 0.0 0.4 349704 7864 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND
apache 8823 0.0 0.4 349696 7844 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND
apache 8824 0.0 0.4 350064 8104 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND
apache 8825 0.0 0.4 350064 8236 ? S 12:07 0:00 /usr/sbin/httpd -DFOREGROUND
apache 8853 0.0 2.2 119444 41708 ? S 12:08 0:01 /usr/bin/perl /usr/share/thruk/script/thruk_fastcgi.pl
apache 11149 0.0 0.4 349696 7844 ? S 12:10 0:00 /usr/sbin/httpd -DFOREGROUND
[root@myhost ~]# id naemon
uid=995(naemon) gid=994(naemon) groups=994(naemon)
[root@myhost ~]# id apache
uid=48(apache) gid=48(apache) groups=994(naemon),48(apache)
The permissions of the socket file and folders that contain it seem ok.
[root@myhost ~]# ls -lad /var/
drwxr-xr-x. 21 root root 4096 Jan 25 10:10 /var/
[root@myhost ~]# ls -lad /var/cache/
drwxr-xr-x. 10 root root 112 Jan 25 08:56 /var/cache/
[root@myhost ~]# ls -lad /var/cache/naemon/
drwxrwsr-x. 3 naemon naemon 29 Jan 25 12:07 /var/cache/naemon/
[root@myhost ~]# ls -la /var/cache/naemon/live
srw-rw---- 1 naemon naemon 0 Jan 25 12:07 /var/cache/naemon/live
Accessing the livestatus seems ok for root and naemon users but not for apache user.
[root@myhost ~]# echo -e 'GET hosts\nColumns: name\nFilter: host_name = localhost' | unixcat /var/cache/naemon/live
localhost
[root@myhost ~]# su -c "echo -e 'GET hosts\nColumns: name\nFilter: host_name = localhost' | unixcat /var/cache/naemon/live" naemon
localhost
[root@myhost ~]# su -c "echo -e 'GET hosts\nColumns: name\nFilter: host_name = localhost' | unixcat /var/cache/naemon/live" apache
Couldn't connect to UNIX-socket at /var/cache/naemon/live: Permission denied.
If I change the group ownership to apache it then works.
[root@myhost ~]# chown naemon:apache /var/cache/naemon/live
[root@myhost ~]# ls -la /var/cache/naemon/live
srw-rw---- 1 naemon apache 0 Jan 25 12:07 /var/cache/naemon/live
[root@myhost ~]# su -c "echo -e 'GET hosts\nColumns: name\nFilter: host_name = localhost' | unixcat /var/cache/naemon/live" apache
localhost
I have other servers running exactly the same setup and they seem ok, must say I am stumped...
Any suggestions?
Thanks
Andrew
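
Added example, not part of the original post: a Python check that walks every component of a socket path and reports the first one whose classic mode bits deny a given uid and group set, plus a parser for the groups a running process actually holds. The function names are hypothetical, the uid/gids in the demo are copied from the `id apache` output above, and only owner/group/other mode bits are modelled (no ACLs, no SELinux).

```python
import os

def class_bits(st, uid, gids):
    # The kernel picks exactly one class: owner, else group, else other.
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7

def first_denial(path, uid, gids, need=2, start=os.sep):
    """Return (component, reason) for the first path component whose mode
    bits deny access, or None. Directories from `start` down need search
    (x); the socket itself needs write (2), which connect() requires on Linux."""
    if uid == 0:
        return None  # root bypasses discretionary mode bits
    target, start = os.path.abspath(path), os.path.abspath(start)
    dirs, d = [], os.path.dirname(target)
    while True:
        dirs.append(d)
        if d == start or d == os.path.dirname(d):
            break
        d = os.path.dirname(d)
    for d in reversed(dirs):
        if not class_bits(os.stat(d), uid, gids) & 1:
            return d, "no search (x) permission for this uid/gid set"
    bits = class_bits(os.stat(target), uid, gids)
    if bits & need != need:
        return target, "class bits %o do not include %o" % (bits, need)
    return None

def process_gids(status_text):
    """Parse the Groups: line of /proc/<pid>/status: the supplementary groups
    a running process holds, set when it started and not re-read from /etc/group."""
    for line in status_text.splitlines():
        if line.startswith("Groups:"):
            return {int(g) for g in line.split()[1:]}
    return set()

if __name__ == "__main__":
    # uid and gids copied from the `id apache` output in the post.
    try:
        print(first_denial("/var/cache/naemon/live", 48, {48, 994}))
    except OSError as exc:
        print("cannot stat path:", exc)
```

If `first_denial` returns None for the groups a process really holds and the connect is still refused, the refusal comes from something other than the mode bits, such as an ACL or SELinux policy.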