net-analyzer/nagios-plugins are installed to be only executable by users in the nagios group (or root): # ls -l /usr/lib/nagios/plugins/check_ping -rwxr-x--- 1 root nagios 52384 Aug 26 23:07 /usr/lib/nagios/plugins/check_ping As the 'icinga' user is not a member of the 'nagios' group, icinga2 fails executing them with execvpe(/usr/lib/nagios/plugins/check_ping) failed: Permission denied I suggest to change the net-analyzer/icinga2 ebuild to add the icinga user to the nagios group if USE="plugins". Reproducible: Always
fixed in 2.2.1, thanks.
Thanks Matt, for taking care of this. But I'm not sure if if use plugins ; then enewuser icinga -1 -1 /var/lib/icinga2 "icinga,icingacmd,nagios" else enewuser icinga -1 -1 /var/lib/icinga2 "icinga,icingacmd" fi is the right approach. A look at the source for enewuser, shows that it will abort successfully if the user already exists. This means that if someone switches form "-plugins" to "plugins", his 'icinga' user will not be part of the 'nagios' group. Probably a solution would be to replace the lines above with # Ensure the 'nagios' group exists, see #528945c2 enewgroup nagios enewuser icinga -1 -1 /var/lib/icinga2 "icinga,icingacmd,nagios"
you are right, made the same mistake before in the original icinga...
