Date: Fri, 17 Oct 2008 00:14:47 +0200
From: Per olof Ljungmark <peo@intersonic.se>
To: freebsd-questions@freebsd.org
Subject: Re: FreeBSD and Nagios - permissions
Message-ID: <48F7BCD7.5010505@intersonic.se>
In-Reply-To: <200810162358.44308.fbsd.questions@rachie.is-a-geek.net>
References: <48F6EDF2.4070109@intersonic.se> <200810162231.50549.fbsd.questions@rachie.is-a-geek.net> <48F7B3F3.70907@intersonic.se> <200810162358.44308.fbsd.questions@rachie.is-a-geek.net>

Mel wrote:
> On Thursday 16 October 2008 23:36:51 Per olof Ljungmark wrote:
>> Mel wrote:
>>> On Thursday 16 October 2008 22:07:43 Per olof Ljungmark wrote:
>>>> Per olof Ljungmark wrote:
>>>>> Daniel Bye wrote:
>>>>>> On Thu, Oct 16, 2008 at 12:05:01PM +0100, Daniel Bye wrote:
>
> <snip>
>
>>>>>> nagios ALL=(root) NOPASSWD: NAGIOS_CMNDS
>>> ^^^^
> This means:
> ALLOW nagios user from anywhere to run commands NAGIOS_CMNDS as user root
> without a password.
>
>>>> For the record, even this won't work because nagios needs access to
>>>> /dev/xpt0 as well and once there sudo can't help.
>>>>
>>>> sudo -u nagios /sbin/camcontrol inquiry da0
>>>> camcontrol: cam_lookup_pass: couldn't open /dev/xpt0
>>>> cam_lookup_pass: Permission denied
>
> The above sudo command runs as nagios user, not as root.
>
>> But... the command "/sbin/camcontrol inquiry da0" IS run as root through
>> the setup in sudoers above,
>
> See above. To test if it would work, you'd have to login as nagios then run
> sudo /sbin/camcontrol inquiry da0.

OK, I'm sure you're right, this was my first encounter with sudo.

But, nagios, running in parallel, reported identical results as the ones
I got from the command line. That is why I draw the conclusion that
giving nagios root access to NAGIOS_CMNDS was not enough and the
reported error (access to /dev/xpt0) was not part of any direct command.

Maybe this is wrong and I made a mistake but because this is *nix I'm
confident there are other less kludgy solutions to the problem.

--
per
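
The distinction Mel draws in the quoted text, as an added example that is not part of the original message: a simplified Python model of how sudo picks the target user and whether the sudoers line from the thread applies. The Cmnd_Alias contents and the invoking account name "admin" are assumptions, and the host field and other sudoers features are ignored.

```python
import re
import shlex

# Constructed fragment: the user spec is the line quoted in the thread; the
# Cmnd_Alias contents are an assumption (the thread snips the real list).
SUDOERS = """
Cmnd_Alias NAGIOS_CMNDS = /sbin/camcontrol inquiry da0
nagios ALL=(root) NOPASSWD: NAGIOS_CMNDS
"""

# user host=(runas list) [NOPASSWD:] command list   (host is not evaluated)
SPEC_RE = re.compile(r"^(\S+)\s+[^\s=]+\s*=\s*\(([^)]*)\)\s*(NOPASSWD:)?\s*(.+)$")


def parse_sudoers(text):
    """Return [(user, runas_users, nopasswd, commands)] with Cmnd_Aliases expanded."""
    aliases, specs = {}, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("Cmnd_Alias"):
            name, cmds = line[len("Cmnd_Alias"):].split("=", 1)
            aliases[name.strip()] = [c.strip() for c in cmds.split(",")]
            continue
        m = SPEC_RE.match(line)
        if m:
            user, runas, nopasswd, cmds = m.groups()
            expanded = [x for c in cmds.split(",") for x in aliases.get(c.strip(), [c.strip()])]
            specs.append((user, [r.strip() for r in runas.split(",")], bool(nopasswd), expanded))
    return specs


def evaluate(invoker, cmdline, specs):
    """Return (target_user, rule_applies, passwordless) for a sudo line typed by invoker."""
    argv = shlex.split(cmdline)
    if argv[:1] != ["sudo"]:
        raise ValueError("not a sudo command line")
    target, rest = "root", argv[1:]          # without -u, sudo targets root
    if rest[:1] == ["-u"]:                   # -u USER selects the target user
        target, rest = rest[1], rest[2:]
    for user, runas, nopasswd, cmds in specs:
        for c in cmds:
            # A sudoers command listed with arguments must match them exactly;
            # listed without arguments, it matches any arguments.
            hit = " ".join(rest) == c or (" " not in c and rest[:1] == [c])
            if user == invoker and target in runas and hit:
                return target, True, nopasswd
    return target, False, False


SPECS = parse_sudoers(SUDOERS)
# The test from the thread, typed by an admin account (assumed name "admin"):
print(evaluate("admin", "sudo -u nagios /sbin/camcontrol inquiry da0", SPECS))
# The test Mel suggests, typed while logged in as nagios:
print(evaluate("nagios", "sudo /sbin/camcontrol inquiry da0", SPECS))
```

The first call reports target user nagios with the rule not applying, which matches the "Permission denied" on /dev/xpt0; the second reports target user root with the passwordless rule applying.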