From: Mel
To: freebsd-questions@freebsd.org
Date: Thu, 16 Oct 2008 23:58:44 +0200
Subject: Re: FreeBSD and Nagios - permissions

On Thursday 16 October 2008 23:36:51 Per olof Ljungmark wrote:
> Mel wrote:
> > On Thursday 16 October 2008 22:07:43 Per olof Ljungmark wrote:
> >> Per olof Ljungmark wrote:
> >>> Daniel Bye wrote:
> >>>> On Thu, Oct 16, 2008 at 12:05:01PM +0100, Daniel Bye wrote:
> >>>> nagios ALL=(root) NOPASSWD: NAGIOS_CMNDS
> >
> > ^^^^

This means: ALLOW nagios user from anywhere to run commands NAGIOS_CMNDS as
user root without a password.

> >> For the records, even this won't work because nagios needs access to
> >> /dev/xpt0 as well and once there sudo can't help.
> >>
> >> sudo -u nagios /sbin/camcontrol inquiry da0
> >> camcontrol: cam_lookup_pass: couldn't open /dev/xpt0
> >> cam_lookup_pass: Permission denied

The above sudo command runs as nagios user, not as root.

> But... the command "/sbin/camcontrol inquiry da0" IS run as root through
> the setup in sudoers above,

See above. To test if it would work, you'd have to log in as nagios then run
sudo /sbin/camcontrol inquiry da0.

-- 
Mel

Problem with today's modular software: they start with the modules and never
get to the software part.