LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 11-06-2009, 08:30 AM   #1
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 623

Rep: Reputation: 33
Need help with sudo and /etc/sudoers


These are the rights of the nagios-user on nagisk.pl :
Code:
[nagios@vps ~]$ ls -l /usr/local/nagios/libexec/nagisk.pl
-rwxr-x--- 1 nagios nagios 4163 Nov  2 17:12 /usr/local/nagios/libexec/nagisk.pl
This is in the sudoers-file :
Code:
nagios ALL= (root) NOPASSWD: /usr/local/nagios/libexec/nagisk.pl
These are the results of my configuration :
Code:
[nagios@vps ~]$ /usr/local/nagios/libexec/nagisk.pl -c peers
[nagios@vps ~]$
Code:
[nagios@vps ~]$ sudo /usr/local/nagios/libexec/nagisk.pl -c peers
4 sip peers [Monitored: 3 online, 1 offline Unmonitored: 0 online, 0 offline]
Code:
[nagios@vps ~]$ /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12
[nagios@vps ~]$ /usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
NRPE: Unable to read output
Code:
[nagios@vps ~]$ sudo /usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
Password: 
Sorry, user nagios is not allowed to execute '/usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers' as root on vps.domain.tld.

So how do I correctly give the nagios-user root-rights to be able to execute "nagisk.pl -c peers" ?? Without manually having to give the sudo-command...

Last edited by jonaskellens; 11-06-2009 at 10:59 AM.
 
Old 11-06-2009, 09:24 AM   #2
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791
You seem to be implying that the check_asterisk_peers check in NRPE is calling the /usr/local/nagios/libexec/nagisk.pl script.

Is this the case? Is check_asterisk_peers a script? If so you'd need to insert the sudo into the line of the script that is calling /usr/local/nagios/libexec/nagisk.pl.

You do NOT need to do sudo to check_npre. It won't work (and didn't as you show) because you never granted permission to do check_nrpe in sudo. It is NOT necessary to do such a grant because you're running the check_nrpe as nagios user which is the default user.

That is to say you've granted permission to one thing (/usr/local/nagios/libexec/nagisk.pl) but then try to run something else (check_nrpe) with sudo.
 
Old 11-06-2009, 09:35 AM   #3
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 623

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by jlightner View Post
You seem to be implying that the check_asterisk_peers check in NRPE is calling the /usr/local/nagios/libexec/nagisk.pl script.
Code:
bash-3.2# vi /usr/local/nagios/etc/nrpe.cfg 
command[check_asterisk_peers]=sudo /usr/local/nagios/libexec/nagisk.pl -c peers
What I'm implying is indeed the case...

But this sudo-statement doesn't work.

Something wrong in my /etc/sudoers-file ??
 
Old 11-06-2009, 09:42 AM   #4
PTrenholme
Senior Member
 
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,154

Rep: Reputation: 333Reputation: 333Reputation: 333Reputation: 333
Have you considered having the executable run itself as "root" by using chmod as root to set the s permission flag on it? If only the nagios group has x permission, that might be a possible solution.
 
Old 11-06-2009, 09:43 AM   #5
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791
What I said before is that this line is wrong:
Code:
sudo /usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
You should only type:
Code:
/usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
You don't sudo to a sudo command which is what you were doing.

Of course I've never done a sudo in nrpe.cfg so can't guarantee that would work.
 
Old 11-06-2009, 09:50 AM   #6
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 623

Original Poster
Rep: Reputation: 33
Quote:
Originally Posted by jlightner View Post
You should only type:
Code:
/usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
Like I stated in my first post, what I'm getting then is :
Code:
[nagios@vps ~]$ /usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
NRPE: Unable to read output
So the nagios-user does not have permissions to execute /usr/local/nagios/libexec/nagisk.pl -c peers
 
Old 11-06-2009, 10:08 AM   #7
MensaWater
Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 6,028
Blog Entries: 5

Rep: Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791Reputation: 791
Do other checks not requiring sudo work or do you also get the NRPE: Unable to read output?

I've seen posts for that which indicate issue is that the nrpe daemon is not running as the user that owns the directory.
 
Old 11-06-2009, 10:58 AM   #8
jonaskellens
Member
 
Registered: Jul 2008
Location: Ghent, Belgium
Distribution: Fedora, CentOS
Posts: 623

Original Poster
Rep: Reputation: 33
I still had the option 'requiretty' enabled in /etc/sudoers

By putting it in comment, everything works well now...

Thanks for all reply
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
sudo(/etc/sudoers) issue knockout_artist Linux - Newbie 2 03-24-2009 05:39 PM
Help with sudo and sudoers zeeple Linux - Newbie 2 12-06-2008 12:51 PM
Preventing Sudoers from doing sudo su DejaCpp Linux - Security 4 12-22-2007 05:47 AM
Sudo password for users, a.k.a. sudoers Micro420 Suse/Novell 2 04-21-2006 10:23 PM
sudo and sudoers syntax mikemrh9 Linux - Security 7 06-04-2005 08:54 PM


All times are GMT -5. The time now is 09:11 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration