Command File error

[Israel Brewster]

Thanks, that did it. I had thought I had disabled SELinux earlier for  
another issue, but apparently I hadn't done it correctly. At any  
rate, it's working now. Thanks.

Israel
On Jul 12, 2006, at 9:02 AM, Marc Powell wrote:

>
>
>> -----Original Message-----
>> From: Israel Brewster [mailto:israel at frontierflying.com]
>> Sent: Wednesday, July 12, 2006 11:12 AM
>> To: Tom Brown; Marc Powell
>> Cc: nagios-users at lists.sourceforge.net
>> Subject: Re: [Nagios-users] Command File error
>>
>
> [chop]
>
>>
>> On Jul 11, 2006 at 8:39 PM, Marc Powell wrote:
>>
>>> And restarted the web server presumably. That leaves 2 likely
>>> possibilities:
>>> 	- one or more of the directories above rw/ are not accessible by
>>> your web server user or
>>> 	- you have SELinux enabled and have not allowed http permissions
>>> by policy. You can use 'audit2allow -l -i /var/log/messages' to see
> if
>>> that's the case.
>>>
>>> I don't use SELinux so I can't provide you with a specific policy.
>>
>> All directories in the path have read and execute permissions set for
>> everybody. Most don't have write permissions, but I wouldn't think
>> that would be an issue. Issuing the command you give returns the
>> following result:
>>
>> allow httpd_sys_script_t usr_t:fifo_file getattr;
>> allow httpd_sys_script_t usr_t:file write;
>> allow unlabeled_t netif_eth0_t:netif rawip_recv;
>>
>> I don't know anything about SELinux though, so I have no clue if this
>> is good, bad, or indifferent. Any thoughts?
>
> Bad. The first two lines indicate that SELinux is preventing httpd  
> from
> accessing a fifo file (nagios.cmd almost certainly). Grep for  
> nagios.cmd
> in /var/log/messages. You'll certainly see 'avc: denied' messages.
> audit2allow presents policy rules that would allow access to things  
> that
> were blocked. Note that they are overly permissive though. You can
> either disable SELinux or modify your policy/permissions for  
> nagios.cmd
> to allow access for httpd. There are numerous messages in the archive
> about SELinux.
>
>>
>> I also tried changing the permissions on the command file and
>> enclosing folder so that anyone could read and write to them, just to
>> see if that would fix the issue, but no change. So apparently it
>> isn't a permissions issue, at least not directly with the file and
>> enclosed folder.
>
> SELinux permissions are above and beyond normal file system  
> permissions.
>
>
> --
> Marc
>
>
> ---------------------------------------------------------------------- 
> ---
> Using Tomcat but need to do more? Need to support web services,  
> security?
> Get stuff done quickly with pre-integrated technology to make your  
> job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache  
> Geronimo
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when  
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null



-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null