[Pkg-nagios-devel] Bug#753397: nagios-nrpe-server: Initscript chown to user nagios hardcoded regardless of configuration

Kali Hernandez kali.hernandez at sociomantic.com
Tue Jul 1 13:19:12 UTC 2014 

Package: nagios-nrpe-server
Version: 2.12-5ubuntu1.2
Severity: normal

Dear Maintainer,
*** Please consider answering these questions, where appropriate ***

    * What led up to the situation?
    * What exactly did you do (or not do) that was effective (or
      ineffective)?
    * What was the outcome of this action?
    * What outcome did you expect instead?

*** End of the template - remove these lines ***

When setting nagios-nrpe-server to run under any user that is not 
nagios, the initscript creates a conflict since it has a chown command 
hardcoded to
user nagios which is the default in the package.

The in the init script as per the package included in ubuntu precise:


*** 43,47 ****
   #since /var/run can be wiped completly we create our run directory here
   if [ ! -d "$PIDDIR" ]; then
         mkdir "$PIDDIR"
         chown nagios "$PIDDIR"
   fi
---


In my nrpe_local.cfg configuration I have nagios set to run as a custom 
user:

nrpe_user=srv-monitor
nrpe_group=srv-monitor


Hence when I restart the server the upstart script will leave the 
permissions messed up and the service will fail to start properly.


IMHO the initscript should either not try to chown the piddir at all, or 
at least parse this setting from /etc/default or any other config,
but the way the package is right now makes unpractical or simply 
impossible to run the service reliably unless with the default "nagios" 
user.

In my cluster I did add this setting as a variable in the header of the 
initscript. Ideally it should be parsed through the relevant 
/etc/default file.

-----
NAGIOS_USER=srv-monitor
[...]
         chown "$NAGIOS_USER" "$PIDDIR"
-----



Cheers,
-kali-



-- System Information:
Debian Release: wheezy/sid
   APT prefers precise-updates
   APT policy: (500, 'precise-updates'), (500, 'precise-security'), 
(500, 'precise'), (100, 'precise-backports')
Architecture: amd64 (x86_64)

Kernel: Linux 3.5.0-51-generic (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nagios-nrpe-server depends on:
ii  adduser      3.113ubuntu2
ii  libc6        2.15-0ubuntu10.5
ii  libssl1.0.0  1.0.1-4ubuntu5.16
ii  libwrap0     7.6.q-21
ii  lsb-base     4.0-0ubuntu20.3

Versions of packages nagios-nrpe-server recommends:
ii  nagios-plugins        1.4.15-5ubuntu3.2
ii  nagios-plugins-basic  1.4.15-5ubuntu3.2

nagios-nrpe-server suggests no packages.

-- no debconf information

-- 
*Kali Hernandez*  | System Administrator   | Sociomantic Labs 
www.sociomantic.com <https://www.sociomantic.com>   | *T* +49 (0)30 3087 
4615 *M* +49 (0)176 6701 3633 *S* kali.hernandez at sociomantic.com
Follow us on Twitter <http://www.twitter.com/sociomantic> + Facebook 
<http://www.facebook.com/sociomantic> + Blog 
<http://blog.sociomantic.com>  | *We're hiring!*  Check out our Careers 
<http://www.sociomantic.com/careers> page.
Sociomantic Labs Logo
This message and any attachments are confidential and intended solely 
for the use of the individual to whom it is addressed.



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20140701/ad2617c0/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sociomantic_logo_wordmark.png
Type: image/png
Size: 3915 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-nagios-devel/attachments/20140701/ad2617c0/attachment.png>

More information about the Pkg-nagios-devel mailing list