Permission Denied on check_nt

Paul Broadwith paul.broadwith at blueivy.co.uk
Thu Jul 19 20:43:00 CEST 2007


Hi Marc,

To answer your questions:

1. None of the check_nt commands I have are running successfully. All of
them are failing with 'Permission denied' in the Status Information
column of the web interface.

2. Nagios is running under the user 'nagios'. Output of the 'ps -A u'
command:

===
nagios   30049  0.0  0.0  27384  1356 ?        Ssl  18:57   0:00
/usr/bin/nagios
===

3. nagios_user is nagios:

===
nagios_user=nagios
nagios_group=nagios
===

I included the nagios_group bit as I thought the nagios group was
actually nagiocmd.

The permissions on the 'plugins' directory and all of the plugins were
root.root, but are now as follows:

===
drwxr-xr-x  2 root   root      4096 Jul 19 12:02 cgi
drwxr-xr-x  4 nagios nagiocmd  4096 Jul 19 12:02 plugins
===

After I changed them I restarted both Apache and Nagios but still
getting the same error.

4. No avc messages in /var/log/messages so I assume SELinux isn't
running.

Happy to let somebody have a look around the server via SSH if they
wish. Short of rebuilding the server I'm not sure what to do myself!

As an aside I couldn't get Nagios running at first because it couldn't
write the .pid file in /var/run. I changed the location of the .pid file
to the /var/log/nagios and it worked fine. That also seemed to be
permissions based even though I had given Nagios full access to the
/var/run directory. Below is a full 'ps -A u' from the server in case
anything running is causing problems:

===
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0   2036   640 ?        Ss   13:40   0:00 init
[3]
root         2  0.0  0.0      0     0 ?        S    13:40   0:00
[migration/0]
root         3  0.0  0.0      0     0 ?        SN   13:40   0:00
[ksoftirqd/0]
root         4  0.0  0.0      0     0 ?        S    13:40   0:00
[watchdog/0]
root         5  0.0  0.0      0     0 ?        S<   13:40   0:00
[events/0]
root         6  0.0  0.0      0     0 ?        S<   13:40   0:00
[khelper]
root         7  0.0  0.0      0     0 ?        S<   13:40   0:00
[kthread]
root        10  0.0  0.0      0     0 ?        S<   13:40   0:00
[kblockd/0]
root        11  0.0  0.0      0     0 ?        S<   13:40   0:00
[kacpid]
root        86  0.0  0.0      0     0 ?        S<   13:40   0:00
[cqueue/0]
root        89  0.0  0.0      0     0 ?        S<   13:40   0:00 [khubd]
root        91  0.0  0.0      0     0 ?        S<   13:40   0:00
[kseriod]
root       150  0.0  0.0      0     0 ?        S    13:40   0:00
[pdflush]
root       151  0.0  0.0      0     0 ?        S    13:40   0:00
[pdflush]
root       152  0.0  0.0      0     0 ?        S<   13:40   0:00
[kswapd0]
root       153  0.0  0.0      0     0 ?        S<   13:40   0:00 [aio/0]
root       307  0.0  0.0      0     0 ?        S<   13:40   0:00
[kpsmoused]
root       328  0.0  0.0      0     0 ?        S<   13:40   0:00
[kmirrord]
root       333  0.0  0.0      0     0 ?        S<   13:40   0:00
[ksnapd]
root       336  0.0  0.0      0     0 ?        S<   13:40   0:01
[kjournald]
root       368  0.0  0.0      0     0 ?        S<   13:40   0:00
[kauditd]
root       402  0.0  0.0   2664  1124 ?        S<s  13:40   0:00
/sbin/udevd -d
root      1022  0.0  0.0   4216   936 pts/0    R+   19:40   0:00 ps -A u
root      1256  0.0  0.0      0     0 ?        S<   13:40   0:00
[kjournald]
root      1767  0.0  0.0   2280   548 ?        Ss   13:41   0:00
/sbin/dhclient -1 -q -lf /var/lib/dhclie
root      1870  0.0  0.3   9544  7900 ?        Ss   13:41   0:00
/usr/sbin/restorecond
root      1886  0.0  0.0  12076   680 ?        S<sl 13:41   0:08 auditd
root      1888  0.0  0.1   9612  3720 ?        S<s  13:41   0:07 python
/sbin/audispd
root      1906  0.0  0.0   1692   580 ?        Ss   13:41   0:00 syslogd
-m 0
root      1909  0.0  0.0   1640   396 ?        Ss   13:41   0:00 klogd
-x
root      1944  0.0  0.0   2128   508 ?        Ss   13:41   0:00
mcstransd
rpc       1966  0.0  0.0   1776   552 ?        Ss   13:41   0:00 portmap
root      1991  0.0  0.0   1784   724 ?        Ss   13:41   0:00
rpc.statd
root      2032  0.0  0.0   4936   556 ?        Ss   13:41   0:00
rpc.idmapd
dbus      2059  0.0  0.0  12956   928 ?        Ssl  13:41   0:00
dbus-daemon --system
root      2075  0.0  0.0   2120   756 ?        Ss   13:41   0:00
/usr/sbin/hcid
root      2081  0.0  0.0   1708   500 ?        Ss   13:41   0:00
/usr/sbin/sdpd
root      2102  0.0  0.0      0     0 ?        S<   13:41   0:00
[krfcommd]
root      2150  0.0  0.0  12692  1276 ?        Ssl  13:41   0:00 pcscd
root      2173  0.0  0.0   1876   448 ?        Ss   13:41   0:00
/usr/bin/hidd --server
root      2192  0.0  0.0   9336  1116 ?        Ssl  13:41   0:00
automount
root      2215  0.0  0.0   1636   536 ?        Ss   13:41   0:00
/usr/sbin/acpid
root      2230  0.0  0.0   9580  1948 ?        Ss   13:41   0:00 cupsd
root      2248  0.0  0.0   5172   952 ?        Ss   13:41   0:00
/usr/sbin/sshd
root      2272  0.0  0.0   8500  1636 ?        Ss   13:41   0:00
sendmail: accepting connections
smmsp     2281  0.0  0.0   7544  1444 ?        Ss   13:41   0:00
sendmail: Queue runner at 01:00:00 for /var/spool/clientmqueue
root      2297  0.0  0.0   1868   364 ?        Ss   13:41   0:00 gpm -m
/dev/input/mice -t exps2
root      2328  0.0  0.0   5220  1176 ?        Ss   13:41   0:00 crond
root      2357  0.0  0.0   2200   424 ?        Ss   13:41   0:00
/usr/sbin/atd
root      2381  0.0  1.3  41664 28496 ?        S    13:41   0:19
/usr/bin/python /usr/sbin/yum-updatesd
68        2396  0.0  0.1   5312  3556 ?        Ss   13:41   0:00 hald
root      2397  0.0  0.0   3100   984 ?        S    13:41   0:00
hald-runner
68        2403  0.0  0.0   1968   804 ?        S    13:41   0:00
hald-addon-acpi: listening on acpid socket /var/run/acpid.socket
68        2407  0.0  0.0   1968   796 ?        S    13:41   0:00
hald-addon-keyboard: listening on /dev/input/event0
root      2420  0.0  0.0   1920   620 ?        S    13:41   0:02
hald-addon-storage: polling /dev/hdd
root      2422  0.0  0.0   1920   624 ?        S    13:41   0:00
hald-addon-storage: polling /dev/hdc
root      2503  0.0  0.0   1952   524 ?        S    13:41   0:00
/usr/sbin/smartd -q never
root      2506  0.0  0.0   1628   444 tty1     Ss+  13:41   0:00
/sbin/mingetty tty1
root      2507  0.0  0.0   1628   444 tty2     Ss+  13:41   0:00
/sbin/mingetty tty2
root      2518  0.0  0.0   1628   440 tty3     Ss+  13:41   0:00
/sbin/mingetty tty3
root      2521  0.0  0.0   1628   444 tty4     Ss+  13:41   0:00
/sbin/mingetty tty4
root      2522  0.0  0.0   1624   440 tty5     Ss+  13:41   0:00
/sbin/mingetty tty5
root      2523  0.0  0.0   1628   440 tty6     Ss+  13:41   0:00
/sbin/mingetty tty6
root      2569  0.0  0.1   8028  2424 ?        Ss   13:41   0:01 sshd:
root at pts/0
root      2592  0.0  0.0   4608  1452 pts/0    Ss   13:41   0:00 -bash
nagios   32569  0.0  0.0  27388  1336 ?        Ssl  19:29   0:00
/usr/bin/nagios -d /etc/nagios/nagios.cfg
root     32595  0.0  0.3  22032  8064 ?        Ss   19:29   0:00
/usr/sbin/httpd
apache   32597  0.0  0.2  22092  5432 ?        S    19:29   0:00
/usr/sbin/httpd
apache   32598  0.0  0.2  22092  5416 ?        S    19:29   0:00
/usr/sbin/httpd
apache   32599  0.0  0.2  22092  5432 ?        S    19:29   0:00
/usr/sbin/httpd
apache   32600  0.0  0.2  22092  5440 ?        S    19:29   0:00
/usr/sbin/httpd
apache   32601  0.0  0.2  22092  5428 ?        S    19:29   0:00
/usr/sbin/httpd
apache   32602  0.0  0.2  22092  5348 ?        S    19:29   0:00
/usr/sbin/httpd
apache   32603  0.0  0.2  22092  5436 ?        S    19:29   0:00
/usr/sbin/httpd
apache   32604  0.0  0.2  22092  5432 ?        S    19:29   0:00
/usr/sbin/httpd
===

Kind regards,

Paul Broadwith MBCS
Blue Ivy Ltd - Microsoft Small Business Specialist, UK Partner Qualified
for 2007

Tel.: 0800 612 0601
Windows Messenger: paul.broadwith at blueivy.co.uk
Web: http://www.blueivy.co.uk
Blog: http://blog.blueivy.co.uk


-----Original Message-----
From: nagios-users-bounces at lists.sourceforge.net
[mailto:nagios-users-bounces at lists.sourceforge.net] On Behalf Of Marc
Powell
Sent: 19 July 2007 19:24
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Permission Denied on check_nt

<leaving response intact for the benefit of the archives>

> -----Original Message-----
> From: Paul Broadwith [mailto:paul.broadwith at blueivy.co.uk]
> Sent: Thursday, July 19, 2007 12:34 PM
> To: Marc Powell
> Subject: RE: [Nagios-users] Permission Denied on check_nt
> 
> Hi Marc,
> 
> The output from the Nagios.log for the unsuccessful command is:
> 
> ===
> [1184854600] SERVICE ALERT: MYHOST;Drive Space -
> D:;CRITICAL;HARD;3;Permis
> sion denied
> [1184854600] SERVICE NOTIFICATION:
> blueivy_client_monitoring;MYHOST;Drive
> Space - D:;CRITICAL;notify-by-email;Permission denied
> ===
> 
> (this is only one entry - all the services to this box fails but they
> all say the same thing). The last one about the notify-by-email I can
> sort once I get the monitoring sorted!
> 
> The plugin checking the diskspace on the Nagios server itself uses
> $USER1$ so I'm putting two and two together and assuming it is
correct.
> 
> I did as you suggested and added 'echo' at the start of the command
and
> the output in the 'Status Information' column of the web interface is:
> 
> ===
> /usr/lib/nagios/plugins/check_nt -H 192.168.100.20 -p 12489 -v
> USEDDISKSPACE -l d -w 80 -c 90
> ===
> 
> Which as far as I can see is correct.
> 
> I copied that command above and pasted it into the terminal command
> window and ran it (under root and nagios) and it returned the correct
> information:
> 
> ===
> d:\ - total: 129.51 Gb - used: 84.47 Gb (65%) - free 45.04 Gb (35%) |
> 'd:\ Used Space'=84.47Gb;103.61;116.56;0.00;129.51
> ===
> 
> You asked if I changed the check from some other configuration. My
> installation of Nagios didn't come with check_nt anywhere so I got it
> from the page I set Nagios up from
> (http://www.maxsworld.org/index.php/how-tos/nagios), removed the -s
> option and added it to the commands.cfg file.
> 
> There is only one instance of 'nagios' running (according to ps).
> 
> For the second issue, SELinux is not enabled (according to the CentOS
> Setup it's disabled) and as far as I know I have followed the
> instructions carefully. I will go over them again though.

We're definitely getting really obscure now. Pretty clearly you're
experiencing a standard permissions issue for both commands. Everything
we've looked at so far has been correct. Do you have other check_nt
commands that are working successfully? Is nagios really running as the
user nagios? Does the value of nagios_user in nagios.cfg match the owner
of the plugins? The plugins are executable by that user? I know you're
testing as the nagios user but the possibility exists that nagios isn't
running as that user. I would be doubly sure that SELinux isn't enabled
by verifying that you don't see avc denied messages in /var/log/messages
but that's probably not the issue. Beyond that, I'm not really sure
where to go...

--
Marc


------------------------------------------------------------------------
-
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


----------------------------------------------------------------------------------------------------------------------------------------------

Blue Ivy Limited is a limited company registered in Scotland.
Registered company number: SC 221649.  Registered VAT number: GB 774 8460 88.
Registered Office: 67 Kelburn Street, Barrhead, Glasgow, G78 1LD

This message and any associated files is intended only for the use of nagios-users at lists.sourceforge.net and may contain information that is confidential, subject to copyright or constitutes a trade secret. If you are not nagios-users at lists.sourceforge.net you are hereby notified that any dissemination, copying or distribution of this message, or files associated with this message, is strictly prohibited. If you have received this message in error, please notify paul.broadwith at blueivy.co.uk immediately by replying to the message and then deleting it from your computer. 

Any views or opinions presented are solely those of the author paul.broadwith at blueivy.co.uk and do not necessarily represent those of the company.

----------------------------------------------------------------------------------------------------------------------------------------------


-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list