[Pkg-nagios-devel] Bug#824482: wrong ownership of /etc/icinga2/pki/ leading to errors
Evgeni Golov
evgeni at debian.org
Mon May 16 15:14:04 UTC 2016
Package: icinga2-common
Version: 2.4.7-1
Severity: normal
Ohai,
icinga2-common ships with /etc/icinga2/pki/ owned by root:root and no snipet in postinst to change that:
root at 9b8f92292cf6:/# ls -alh /etc/icinga2/pki/
total 8.0K
drwxr-xr-x 2 root root 4.0K Apr 21 16:44 .
drwxr-x--- 9 nagios nagios 4.0K May 16 15:09 ..
Thus, generating certs on a newly installed intance fails:
root at 9b8f92292cf6:/# icinga2 pki new-cert --cn $(hostname -f) --key /etc/icinga2/pki/$(hostname -f).key --cert /etc/icinga2/pki/$(hostname -f).crt
information/base: Writing private key to '/etc/icinga2/pki/9b8f92292cf6.key'.
critical/SSL: Error while opening private RSA key file '/etc/icinga2/pki/9b8f92292cf6.key': 33558541, "error:0200100D:system library:fopen:Permission denied"
Chowning the folder to nagios:nagios solves the issue:
root at 9b8f92292cf6:/# chown nagios.nagios /etc/icinga2/pki/
root at 9b8f92292cf6:/# icinga2 pki new-cert --cn $(hostname -f) --key /etc/icinga2/pki/$(hostname -f).key --cert /etc/icinga2/pki/$(hostname -f).crt
information/base: Writing private key to '/etc/icinga2/pki/9b8f92292cf6.key'.
information/base: Writing X509 certificate to '/etc/icinga2/pki/9b8f92292cf6.crt'.
Greets
Evgeni
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386
Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
More information about the Pkg-nagios-devel
mailing list