[Nagiosplug-devel] [ nagiosplug-Patches-1878144 ] check_mailq need root privileges

SourceForge.net noreply at sourceforge.net
Wed Jan 23 16:24:41 CET 2008


Patches item #1878144, was opened at 2008-01-23 09:24
Message generated for change (Comment added) made by dermoth
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=397599&aid=1878144&group_id=29880

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
>Status: Pending
Resolution: None
Priority: 5
Private: No
Submitted By: gerhard lausser (lausser)
Assigned to: Nobody/Anonymous (nobody)
Summary: check_mailq need root privileges

Initial Comment:
Hi,
I have several Linux servers, where you need special privileges to execute /usr/bin/mailq.
On these servers I got:

-bash-2.05b$ check_mailq -w 1 -c 5
Program mode requires special privileges, e.g., root or TrustedUser.
CRITICAL: Error code 78 returned from /usr/bin/mailq

Allowing the Nagios user to call check_mailq with sudo was not an option, because the plugins are owned and writable by this user himself.
Yet it was possible to get sudo privileges for the /usr/bin/mailq command. I then patched check_mailq so that it first would ask "sudo -l" if $utils::PATH_TO_MAILQ is among the privileged commands and if yes, call it with "sudo $utils::PATH_TO_MAILQ" instead.
I appended the patch.
Do you think this could be an option for plugins in general? I am sure, there are other installations which prefer 
sudo "/usr/bin/command inside the plugin"
over sudo plugin

Greetings from Munich,
Gerhard

----------------------------------------------------------------------

>Comment By: Thomas Guyot (dermoth)
Date: 2008-01-23 10:24

Message:
Logged In: YES 
user_id=375623
Originator: NO

Why don't you just remove any write permissions from Nagios for the plugin
and plugin's folder? If you have dependencies you can also use a different
path. Make it owned by root with read access for Nagios or everyone, for
example.

I don't believe adding sudo commands in plugin scripts is a viable
solution, however an alternative would be to define the mailq path/command
as "/usr/bin/sudo /usr/bin/mailq" or whichever path you need.

./configure --with-mailq-command="/usr/bin/sudo /usr/bin/mailq"

I haven't tried but this may work already... If it doesn't and you have a
fix for that, we'll merge it (and document this trick on the web site).

Thanks

----------------------------------------------------------------------
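Both posts turn on the same condition: a sudo rule is only as trustworthy as the file it names, so that file and its folder must not be writable by the account being granted sudo. The following is an added example, not part of the thread or of the Nagios plugins code, that tests that condition for a candidate sudo target; the function names, the account name "nagios" and the plugin path in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Decides whether a program is safe to
# name in a sudoers rule: the file and its containing directory must be owned
# by the trusted uid (root = 0 by default) and carry no group/other write bit.
# Only the file and its directory are checked, not every ancestor directory.
# A symlink is reported as unsafe; pass the resolved path instead.

# path_locked PATH TRUSTED_UID
# returns 0 if locked down, 1 if owner or mode is wrong, 2 if PATH is missing
path_locked() {
    line=$(ls -ldn -- "$1" 2>/dev/null) || return 2
    mode=${line%% *}                          # e.g. -rwxr-xr-x
    uid=$(printf '%s\n' "$line" | awk '{print $3}')
    [ "$uid" = "$2" ] || return 1             # owned by someone else
    case $mode in
        ?????w*|????????w*) return 1 ;;       # group or other write bit set
    esac
    return 0
}

# sudo_target_safe FILE [TRUSTED_UID]
# returns 0 only if FILE and its directory both pass path_locked
sudo_target_safe() {
    file=$1
    trusted=${2:-0}
    dir=$(dirname "$file")
    path_locked "$file" "$trusted" || { echo "UNSAFE: $file" >&2; return 1; }
    path_locked "$dir" "$trusted" || { echo "UNSAFE: $dir" >&2; return 1; }
    return 0
}

# Typical use for the two options discussed in the thread:
#   sudo_target_safe /usr/bin/mailq
#   sudo_target_safe /path/to/plugins/check_mailq    (hypothetical path)
# A sudoers entry limited to the mail queue command would then read
# (account name "nagios" is an assumption):
#   nagios ALL=(root) NOPASSWD: /usr/bin/mailq
```

A plugin directory owned by the monitoring account fails this check, which is the situation the submitter describes; /usr/bin/mailq on a stock system normally passes.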
