LinuxQuestions.org


jonaskellens 11-06-2009 07:30 AM

Need help with sudo and /etc/sudoers
 
These are the rights of the nagios-user on nagisk.pl :
Code:

[nagios@vps ~]$ ls -l /usr/local/nagios/libexec/nagisk.pl
-rwxr-x--- 1 nagios nagios 4163 Nov  2 17:12 /usr/local/nagios/libexec/nagisk.pl

This is in the sudoers-file :
Code:

nagios ALL= (root) NOPASSWD: /usr/local/nagios/libexec/nagisk.pl

These are the results of my configuration :
Code:

[nagios@vps ~]$ /usr/local/nagios/libexec/nagisk.pl -c peers
[nagios@vps ~]$

Code:

[nagios@vps ~]$ sudo /usr/local/nagios/libexec/nagisk.pl -c peers
4 sip peers [Monitored: 3 online, 1 offline Unmonitored: 0 online, 0 offline]

Code:

[nagios@vps ~]$ /usr/local/nagios/libexec/check_nrpe -H localhost
NRPE v2.12
[nagios@vps ~]$ /usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
NRPE: Unable to read output

Code:

[nagios@vps ~]$ sudo /usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
Password:
Sorry, user nagios is not allowed to execute '/usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers' as root on vps.domain.tld.


So how do I correctly give the nagios-user root-rights to be able to execute "nagisk.pl -c peers" ?? Without manually having to give the sudo-command...

MensaWater 11-06-2009 08:24 AM

You seem to be implying that the check_asterisk_peers check in NRPE is calling the /usr/local/nagios/libexec/nagisk.pl script.

Is this the case? Is check_asterisk_peers a script? If so you'd need to insert the sudo into the line of the script that is calling /usr/local/nagios/libexec/nagisk.pl.

You do NOT need to do sudo to check_nrpe. It won't work (and didn't as you show) because you never granted permission to do check_nrpe in sudo. It is NOT necessary to do such a grant because you're running the check_nrpe as nagios user which is the default user.

That is to say you've granted permission to one thing (/usr/local/nagios/libexec/nagisk.pl) but then try to run something else (check_nrpe) with sudo.

jonaskellens 11-06-2009 08:35 AM

Quote:

Originally Posted by jlightner (Post 3747037)
You seem to be implying that the check_asterisk_peers check in NRPE is calling the /usr/local/nagios/libexec/nagisk.pl script.

Code:

bash-3.2# vi /usr/local/nagios/etc/nrpe.cfg
command[check_asterisk_peers]=sudo /usr/local/nagios/libexec/nagisk.pl -c peers

What I'm implying is indeed the case...

But this sudo-statement doesn't work.

Something wrong in my /etc/sudoers-file ??

PTrenholme 11-06-2009 08:42 AM

Have you considered having the executable run itself as "root" by using chmod as root to set the s permission flag on it? If only the nagios group has x permission, that might be a possible solution.

MensaWater 11-06-2009 08:43 AM

What I said before is that this line is wrong:
Code:

sudo /usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers

You should only type:
Code:

/usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers

You don't sudo to a sudo command which is what you were doing.

Of course I've never done a sudo in nrpe.cfg so can't guarantee that would work.

jonaskellens 11-06-2009 08:50 AM

Quote:

Originally Posted by jlightner (Post 3747065)
You should only type:
Code:

/usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers

Like I stated in my first post, what I'm getting then is :
Code:

[nagios@vps ~]$ /usr/local/nagios/libexec/check_nrpe -H localhost -c check_asterisk_peers
NRPE: Unable to read output

So the nagios-user does not have permissions to execute /usr/local/nagios/libexec/nagisk.pl -c peers

MensaWater 11-06-2009 09:08 AM

Do other checks not requiring sudo work or do you also get the NRPE: Unable to read output?

I've seen posts for that which indicate the issue is that the nrpe daemon is not running as the user that owns the directory.

jonaskellens 11-06-2009 09:58 AM

I still had the option 'requiretty' enabled in /etc/sudoers

By commenting it out, everything works well now...

Thanks for all the replies.
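
The fix in the last post turns requiretty off for every account. As an added example (not code from the thread), the script below reports whether requiretty is in effect for one user, using constructed sudoers text in which the option stays on globally and only nagios is exempted with `Defaults:nagios !requiretty`. It assumes a single file containing plain `Defaults` and `Defaults:user` lines, applied in file order with the last match winning.

```shell
#!/bin/sh
# Added example: is sudo's requiretty option in effect for a given user?
# Simplification (assumption): only "Defaults" and "Defaults:<user>" lines are
# read, in file order, last match wins. Aliases, host/runas/command-scoped
# Defaults and #include files are not handled.
requiretty_for() {   # usage: requiretty_for USER [SUDOERS_FILE]  (default: stdin)
    awk -v user="$1" '
        /^[ \t]*#/ { next }                          # skip comment lines
        $1 == "Defaults" || $1 == ("Defaults:" user) {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)    # drop the Defaults token
            n = split(line, opts, /[ \t]*,[ \t]*/)   # options are comma separated
            for (i = 1; i <= n; i++) {
                o = opts[i]; gsub(/[ \t]/, "", o)
                if (o == "requiretty")  state = "on"
                if (o == "!requiretty") state = "off"
            }
        }
        END { print (state == "" ? "off" : state) }  # sudo default is off
    ' "${2:--}"
}

# Constructed sample: global requiretty, as in the failing setup.
sample_before() { cat <<'EOF'
Defaults    requiretty
nagios ALL=(root) NOPASSWD: /usr/local/nagios/libexec/nagisk.pl
EOF
}

# Constructed sample: requiretty kept globally, lifted for nagios only,
# and the rule pinned to the one argument set that NRPE runs.
sample_scoped() { cat <<'EOF'
Defaults    requiretty
Defaults:nagios !requiretty
nagios ALL=(root) NOPASSWD: /usr/local/nagios/libexec/nagisk.pl -c peers
EOF
}

echo "before, nagios: $(sample_before | requiretty_for nagios)"
echo "scoped, nagios: $(sample_scoped | requiretty_for nagios)"
echo "scoped, apache: $(sample_scoped | requiretty_for apache)"
```

On a live system, `sudo -l -U nagios` run as root lists the Defaults entries sudo itself matches for that account. Because the rule runs nagisk.pl as root, the file should be owned by root and not writable by nagios, unlike the listing in the first post.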


All times are GMT -5.