Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Bug#478889: permissions for /var/lib/nagios3/rw/nagios.cmd incorrect

126 views
Skip to first unread message

Stephane Chazelas

unread,
May 1, 2008, 12:30:07 PM5/1/08
to
Package: nagios3
Version: 3.0.1-1
Severity: normal


Hiya,

$ sudo ls -ld /var/lib/nagios3{,/rw{,/nagios.cmd}}
drwxr-x--- 5 nagios nagios 4096 2008-04-30 14:46 /var/lib/nagios3
drwx------ 2 nagios www-data 4096 2008-05-01 16:43 /var/lib/nagios3/rw
prw-rw---- 1 nagios nagios 0 2008-05-01 16:41 /var/lib/nagios3/rw/nagios.cmd

$ ls -ld /usr/lib/cgi-bin/nagios3/cmd.cgi
-rwxr-xr-x 1 root root 219692 2008-04-18 14:34 /usr/lib/cgi-bin/nagios3/cmd.cgi*

$ grep -e www-data -e nagios /etc/group
www-data:x:33:
Debian-exim:x:102:nagios
nagios:x:124:

(I had to add "nagios" to "Debian-exim" so it is able to run "mailq").

/var/lib/nagios3/rw/nagios.cmd is a fifo that is meant to be
written by the cmd.cgi CGI to give commands to be run to the
nagios server, such as reschedule a check.

Here the user running "cmd.cgi" (www-data) can't write to the
file because it doesn't have search permission to
/var/lib/nagios3 nor /var/lib/nagios3/rw/nagios.cmd

Probably the best way to fix it is to change the permissions to:

drwxr-xr-x 5 nagios nagios 4096 2008-04-30 14:46 /var/lib/nagios3
drwxr-x--- 2 nagios nagios 4096 2008-05-01 16:43 /var/lib/nagios3/rw
prw-rw---- 1 nagios nagios 0 2008-05-01 16:41 /var/lib/nagios3/rw/nagios.cmd
---x--s--- 1 www-data nagios 219692 2008-04-18 14:34 /usr/lib/cgi-bin/nagios3/cmd.cgi*

Normally, the cmd.cgi is protected by basic HTTP authentication.

-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.24.2
Locale: LANG=en_GB.ISO-8859-15, LC_CTYPE=en_GB.ISO-8859-15 (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages nagios3 depends on:
ii libc6 2.7-10 GNU C Library: Shared libraries
ii libgd2-xpm 2.0.36~rc1~dfsg-2 GD Graphics Library version 2
ii libglib2.0-0 2.16.3-2 The GLib library of C routines
ii libjpeg62 6b-14 The Independent JPEG Group's JPEG
ii libperl5.8 5.8.8-12 Shared Perl library
ii libpng12-0 1.2.26-1 PNG library - runtime
ii nagios3-common 3.0.1-1 support files for nagios3
ii perl 5.8.8-12 Larry Wall's Practical Extraction
ii zlib1g 1:1.2.3.3.dfsg-12 compression library - runtime

nagios3 recommends no packages.

-- no debconf information

--
To UNSUBSCRIBE, email to debian-bugs-...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Alexander Wirt

unread,
May 1, 2008, 12:40:08 PM5/1/08
to
tag 478889 wontfix
thanks

Stephane Chazelas schrieb am Thursday, den 01. May 2008:

> Package: nagios3
> Version: 3.0.1-1
> Severity: normal
>
>
> Hiya,
>
> $ sudo ls -ld /var/lib/nagios3{,/rw{,/nagios.cmd}}
> drwxr-x--- 5 nagios nagios 4096 2008-04-30 14:46 /var/lib/nagios3
> drwx------ 2 nagios www-data 4096 2008-05-01 16:43 /var/lib/nagios3/rw
> prw-rw---- 1 nagios nagios 0 2008-05-01 16:41 /var/lib/nagios3/rw/nagios.cmd
>
> $ ls -ld /usr/lib/cgi-bin/nagios3/cmd.cgi
> -rwxr-xr-x 1 root root 219692 2008-04-18 14:34 /usr/lib/cgi-bin/nagios3/cmd.cgi*
>
> $ grep -e www-data -e nagios /etc/group
> www-data:x:33:
> Debian-exim:x:102:nagios
> nagios:x:124:
>
> (I had to add "nagios" to "Debian-exim" so it is able to run "mailq").
>
> /var/lib/nagios3/rw/nagios.cmd is a fifo that is meant to be
> written by the cmd.cgi CGI to give commands to be run to the
> nagios server, such as reschedule a check.
>
> Here the user running "cmd.cgi" (www-data) can't write to the
> file because it doesn't have search permission to
> /var/lib/nagios3 nor /var/lib/nagios3/rw/nagios.cmd

Please read README.Debian.

Thanks.

Stephane Chazelas

unread,
May 1, 2008, 2:40:11 PM5/1/08
to
2008-05-01 18:28:34 +0200, Alexander Wirt:
> tag 478889 wontfix
> thanks
[...]
> Please read README.Debian.
[...]

Alright, sorry about that.

regards,
Stephane

0 new messages