I've been banging my head against the wall for the past few days on this and promise I looked everywhere. If I'm wrong please teach me with a link :)
I'm trying to schedule downtime for some services and haven't been able to make it happen via the command line or the web GUI. For some reason the only thing I can do is commit host comments/downtime via the GUI and nothing else anywhere else. I should also mention that a cronjob of the scheduled downtime will show up in the Nagios web interface comments, but still doesn't work. The only difference I notice is the author as indicated by the GUI for host down time is "nagiosadmin" and of the non-working downtimes is "nagios" I did try chown'ing file paths with nagiosadmin.
Here are the relevant deets:
nagios.cfg
check_external_commands=1
nagios_user=nagios
nagios_group=nagios
command_file=/usr/local/nagios/var/rw/nagios.cmd
I have changed the permissions and owners for this directory MANY times, nothing seems to work:
ls -l /usr/local/nagios/var/rw
prwxrwxrwx. 1 nagios nagcmd 0 Jan 29 21:27 nagios.cmd
srw-rw----. 1 nagios nagcmd 0 Jan 29 14:09 nagios.qh
I added users to groups that they don't really need to be in to no avail:
cat /etc/group:
nagcmd:x:505:nagios,nagiosadmin,apache
nagios:x:501:nagios,apache,nagiosadmin
The script is pointed to the correct file paths but again it won't work from the GUI anyway.
infra2 nagios: Error: External command failed -> SCHEDULE_HOST_DOWNTIME;deploy1;1422507601;1422536401;0;28800;neo-nagios;Scheduled Daily Downtime (low usage period) Jan 29 21:27:20 infra2 nagios: External command error: Command failed
I know this isn't the root of the problem as nothing works from command line but:
ls -l /usr/local/nagios/etc/cgi.cfg -rw-rw-r--. 1 nagios nagios 12015 Jan 29 14:06 /usr/local/nagios/etc/cgi.cfg
ls -l /usr/local/nagios/sbin/cmd.cgi -rwxrwxr-x. 1 nagios nagios 288424 Jan 28 10:17 /usr/local/nagios/sbin/cmd.cgi
GUI error I'm tired of seeing:
"Sorry, but you are not authorized to commit the specified command...yada"
What am I missing?!?! Please help! and thanks in advance
Personnally I use post/get while using the nagios cmd.cgi. You can use curl/wget/etc to call the command with the correct parameters to do what you want as if you used the GUI.
The easiest way is to look at what is sent when you execute a post/get command via the GUI and reproduce it through a wget/curl command. Works like a charm, I personally have automated processes while deploying that call the cmd.cgi from script and auto-downtime or disable/enable services by service or host.
There are some things that appear to be out of sync. In nagios.cfg, you have:
nagios_user=nagios
nagios_group=nagios
But then the group name on nagios.cmd is nagcmd, not nagios.
Additionally, you showed the group assignments for the nagios and nagcmd users, but what user is actually running the commands? Additionally, was nagcmd (or nagios) added as a group to the web user (www-data or apache, depending on the OS)?
Finally, there are some locations that need write permissions, as well. Making sure the correct permissions are added to those directories (and, again, the right users have the nagios or nagcmd group permissions) should help.
See this post for more information:
Nagios - Could not open command file /usr/local/nagios/var/rw/nagios.cmd’ for update
Related
We've just updated Nagios from 3.5.x to the current version (4.0.7) and subsequently added a new host for monitoring.
The new host shows as 'Down' in Nagios, and this seems to be related to the fact that pnp4nagios is not logging performance data (the individual checks for users, http etc are all find).
Initially there was an error that the directory
/usr/local/pnp4nagios/var/perfdata/newhost.com
that contains the xml setup and rrd files for the new host was missing), so I manually created this directory, but now it complains that the files are missing.
Does anyone know the appropriate steps to overcome this issue?
Thanks,
Toby
PS I'd tag this 'pnp4nagios', but that tag doesn't exist and I can't create them
UPDATE
It's possible that pnp4nagios is a red herring/symptom. Looking more closely I realise that Nagios actually believes the host is down, even though all services are up. The host status information is '(Host check timed out after 30.01 seconds)'...does this make any more sense?
It's indeed very unlikely that pnp4nagios has something to do with your host being down. pnp actually exports output and performance data to feed the rrd database and xml files (via npcd module or evenhandler command).
The fact that nagios reports the host check timed out after 30 sec means that :
- you have a problem with your host check command, please double-check the syntax
- this check command times out after a certain timelapse (most likely defined in nagios.conf) because the plugin was still running.
I'd recommend running this command from the server's prompt. You want to do something like :
/path/to/libexec/check_command -H ipaddress -args
For example:
/usr/local/libexec/nagios/check_ping -H 192.168.1.1 -w 200,40% -c 500,80% -timeout 120
See if something might be hanging. Having the output would be helpful.
Once your host check returns correct output and performance data to nagios, pnp will hopefuly do the rest.
In the unlikely event it helps anyone, pnp4nagios was indeed a red herring. The problem was that ping wasn't enabled for the host being checked, and this is the test for whether a host is up or not. Hence this was failing, despite other services being reported as working.
I am trying to make the communication between Nagios and Graphite but couldn't able to write Nagios performance data to the file.
I am referring below mentioned sites:
http://nagios.manubulon.com/traduction/docs25en/perfdata.html
http://nagios.manubulon.com/traduction/docs14en/xpdfile.html
To configure nagios.conf
http://nagios.manubulon.com/traduction/docs25en/configmain.html#host_perfdata_file
Please give some details on the perfdata file.
Make shure the file is writeable by the user your nagios is running with.
For Example:
If you use /usr/local/nagios/var/host-perfdata.dat to store your host performance data and your nagios is running with the user nagios the permission would look like:
-rw-rw-r-- nagios nagios host-perfdata
I have set up a file "import - export" process (using gmail client) in my app that would allow users to share kml files between each other or even just between devices. Please read the steps the user goes through to best understand.
File Out Process:
1) User adds placemarks to map.
2) User saves placemarks in kml format on /sdcard with user defined name (let's say "Saved.kml").
3) User "Exports" Saved.kml via gmail attachment.
File In Process:
1) User saves gmail attachment to Download folder on device.
2) User chooses "Import KML" and selects Saved.kml from list.
3) Everything works perfect! Placemarks appear on map just as exported/expected!
Except for one major flaw... This only works when you use the same device for your importing/exporting. I have two devices; Nexus 7 and LG Motion and it works great on either of them. But I can't get it to work between the two and I'm starting to get very frustrated.
Here is what I have tried:
Manifest changes:
android:sharedUserId="com.xxx.xxx"
android:sharedUserLabel="#string/sharedUserLabel"
Runtime.getRuntime().exec( "chmod 444 Saved.kml" ); // (need to support Android level 4)
Even tried this just before parsing Saved.kml -- importFileIn.renameTo(importFileOut);
and the file gets renamed but still fails to parse.
adb shell shows:
-rw-rw-r-- root sdcard_rw 867 2013-02-28 10:39 Saved.kml
-rw-rw-r-- root sdcard_rw 867 2013-02-28 11:44 SavedRenamed.kml
I used "adb push" and it showed the exact same userid/permissions on the pushed file and still won't load.
I was just at the point of last minute testing before publishing when I caught this.
Testing on the same device never had a single issue... Please help.
Sorry Folks,
Asking this question through Stack Overflow made me type out everything that I've been pondering and finally led me to believe that this is not a file permission problem. By using Log.i I printed out the exception and found out this is actually a "File not found" error. Which of course is a whole different thing! Path error, problem solved!
Thanks for your patience with me.
To be more specific as to try to help: I was pulling data from files in the devices "Download" folder. On the Nexus 7 this is: "/storage/emulated/0/Download". On the LG Motion this is:"/sdcard/Download". By using "root.getAbsolutePath() + "/download" my problem was resolved.
I would like configure apache to create files with personalized owner:group and chmod.
I have an folder of website who need to be manipulated by apache + (ftp) user.
Actually i do an (where 'mygroup' is group of ftp users)
chown www-data:mygroup -R /my/website/files
chmod 770 -R /my/website/files
But when apache2 manipulate files and create files or folders, they have
-rw-r--r-- 1 www-data www-data
Any idea for configure apache2 ?
Edit: Debian 6
There is no real good way to do this AFAIK. Stock version of Apache doesn't have a mechanism to spawn workers under different users per request. All of its workers operate under the user and therefore can't write files as another.
That being said, there are some ways around this.
The first way will require you to run Apache as root. Apache, as it sits on your server, is running under an unprivileged user. Unprivileged users can't change the user that they run under. Only processes run as root can do that. If you are willing to run your Apache as root, there is a multi-process mod available here. What it does is allow you to run each VHOST under a different user (defined in your config). That means you would now also need to set up each user with their own VHOST. This way would work, but you are sacrificing a bit of security by doing this.
The second, more secure, but more "hacky" way to do it would be to run completely new and individual version of Apache for each user. So you have an Apache with its own set of config files JUST for userA, another Apache with its own different and separate set of configs just for userB, etc. Each instance of Apache could listen on a different port (i.e. userA's listens on port 8080, userB on port 8081...). Then you could use some kind of front end reverse proxy to sort it all out and route the traffic to the appropriate Apache instance.
Looks like you are working under openSUSE or SLES.
If so, take a look at the file /etc/apache2/uid.conf...
For the umask: not sure actually. What certainly works is to create a .profile file under the apache users home directory and set the umask in there. But I bet there is a more elegant solution!
I've got a C application using OCI to talk to a database. I'm using the instant client method so there is no standalone Oracle installation on the server - just a couple of libraries that the application is linked against.
Normally, the application runs as user dai, and everything works just fine. But if the application is run as another user (in group dai), it fails to run, reporting:
Error while trying to retrieve text for error ORA-12705
So I can imagine that this is a permissions error, but I'm not sure what files it is trying to access. The permissions of the Oracle libraries are
dai:/dai/oracle/lib> ls -l
total 201872
-rwxrwxrwx 1 dai dai 24719097 16 Feb 2009 libclntsh.a
-rwxrwxrwx 1 dai dai 5972457 16 Feb 2009 libocci.a
-rwxrwxrwx 1 dai dai 72651344 04 Jun 2010 libociei.so
As you can guess the main OCI libraries are statically linked, but there is one dynamically linked library (not sure why, but the AIX instantclient package came with these files...). My LIBPATH looks OK from both users:
LIBPATH=/dai/oracle/lib
Which other permissions do I need to check?
EDIT: I have just tried running truss (AIX equivalent of Linux strace) to see what is happening. I couldn't see it reading any unexpected files when running as the dai user. Truss seemed to have problems tracing a set-uid program - permissions on the C application were set like this:
dai:/dai/bin> ls -l stats_backup
-rwsrwsr-x 1 dai dai 6173358 Aug 12 10:08 stats_backup
So I did chmod a-s and tried again, and it now works!
So the program runs OK without the s-bit, but as soon as I put it back, it breaks again. I can't run truss with the s-bit set, which makes it difficult to find out why this should be. The program doesn't work in other circumstances without the s-bit set, so this isn't a viable solution, but hopefully a pointer to where the problem may be.
There are presumably some Oracle data files located somewhere that your other users don't have access to. According to Google, ORA-12705 happens because the NLS data files (wherever they are) can't be accessed, or perhaps there is some environment variable issue.