[Nagiosplug-devel] --with-nagios-user/group options

Gavin Carr gavin at openfusion.com.au
Wed Mar 7 00:32:02 CET 2007


On Tue, Mar 06, 2007 at 11:00:48AM +0000, Ton Voon wrote:
> On 5 Mar 2007, at 20:33, Ethan Galstad wrote:
> 
> > The --with-nagios-user/group configure script options have disappeared
> > and cause some problems if you install the plugins as the root user
> > (which you have to do for the check_dhcp and check_icmp plugins).
> >
> > The ownership on the plugins is root.root, which would normally be fine,
> > except for the fact that the check_dhcp and check_icmp have to (1) be
> > setuid root and (2) be executable by the nagios user.  The perms can't
> > get set properly now that the --with-nagios-user/group options are gone.
> >
> > For the time being I've written instructions on how to fix the
> > permissions, but that isn't optimal.  Is there a reason why these
> > configure script options were removed?
> >
> 
> My reasoning for the removal of the --with-nagios-user/group was to  
> be more like GNU coreutils. I think this is more packaging friendly,  
> since a user does not need to be created on the packaging server. It  
> also seems to be how other projects handle installs: I've downloaded  
> Apache and GNU coreutils and a "make install" shows that files are  
> installed by the current user. MySQL's documentation also suggests
> that setting user/group permissions is a separate task:
> http://dev.mysql.com/doc/refman/5.1/en/quick-install.html
> 
> I think it is a packager or an implementor's job to tie down any  
> permissions to be as secure as they wish (change all plugins to be  
> nagios user executable only, setup sudo instead, etc).
> 
> I concede that the root plugins are not useable immediately. 

At least, they're not _directly_ usable immediately. I always use them
via sudo, for instance - that use case works fine, of course.

> Checking  
> coreutils, they run "chmod a=rx,u+s" and "chown root" for the su  
> binary, which we should do as well for the root plugins. I've just  
> committed that to CVS and updated various docs to try and make this  
> clearer.
> 
> For your quick start guide, the "make install-root" step is not  
> required as all the plugin compile and install steps are done as the  
> root user. The chown and chmod steps can also be removed (though  
> permissions are open).
> 
> However, there is quite a bit of confusion about this, probably due  
> to the plugins "doing it how other projects are doing it", rather  
> than "how Nagios does it" - this is not a complaint, just an  
> observation.
> 
> Any other thoughts? I'd be especially interested from packagers if  
> this way makes it easier or not. If not, then maybe switching back to  
> --with-nagios-user/group is preferable. One possibility is that the  
> default behaviour is as current, but if --with-nagios-user/group is  
> set, to specifically use those settings.

Packaging is definitely cleaner if there is no _requirement_ that a
nagios user or group exist at build time. So I think we want the 
current behaviour available, but supporting --with-nagios-user/group
seems useful behaviour too, for the direct-install case. 

I'm ambivalent about automatically installing setuid. I guess it's 
really a judgement call on paranoia vs. convenience. I'd probably tend
to err on the side of paranoia and make the default install not do
any setuid magic, and have an alternative install target for the 
extra-convenience version. If you go the other way, you should probably
have a paranoia-target for those that don't want or need the setuid 
versions?

And clearly non-root installs should continue to work as they do 
currently, with no ownership or setuid munging.

Cheers,
Gavin
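
Added example, not part of the original message or of the Nagios plugins project: a small POSIX shell audit that reports which of the install outcomes discussed in this thread a plugin binary is in (no setuid, setuid as set by "chmod a=rx,u+s", or setuid with access restricted). The function names and the category labels are made up for this illustration.

```shell
#!/bin/sh
# Illustrative audit helper (hypothetical names, not project code).

# has_perm FILE MODE: true if FILE has every permission bit in octal MODE set.
has_perm() {
    [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]
}

# classify_plugin FILE [EXPECTED_OWNER]
# EXPECTED_OWNER defaults to root and may be a user name or a numeric uid.
# Prints one of:
#   plain              no setuid bit (non-root install, or a sudo-based setup)
#   setuid-open        setuid and executable by everyone (chmod a=rx,u+s)
#   setuid-restricted  setuid but not world-executable
#   unsafe:writable    setuid and writable by group or others
#   unsafe:owner       setuid but not owned by EXPECTED_OWNER
#   missing            not a regular file
classify_plugin() {
    file=$1
    owner=${2:-root}
    [ -f "$file" ] || { echo "missing"; return 1; }
    if ! has_perm "$file" 4000; then
        echo "plain"
        return 0
    fi
    # A setuid binary that group or others can modify is never acceptable.
    if has_perm "$file" 0020 || has_perm "$file" 0002; then
        echo "unsafe:writable"
        return 1
    fi
    # The setuid bit only grants root if the file is owned by root.
    if [ -z "$(find "$file" -prune -user "$owner" 2>/dev/null)" ]; then
        echo "unsafe:owner"
        return 1
    fi
    if has_perm "$file" 0001; then
        echo "setuid-open"
    else
        echo "setuid-restricted"
    fi
}
```

Run classify_plugin against check_icmp and check_dhcp in the plugin directory after "make install" to see which outcome the build produced.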





