
Bug 134344

Summary: nagios-core-2.3.1 sets incorrect permissions on /etc/nagios for apache to read
Product: Gentoo Linux
Reporter: Richard Scott <gentoo.bugs>
Component: New packages
Assignee: Gentoo Netmon project <netmon>
Status: RESOLVED FIXED
Severity: normal
CC: eldad, gentoo.org, ramereth
Priority: High
Version: 2006.0
Hardware: All
OS: Other
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on:
Bug Blocks: 172480

Description Richard Scott 2006-05-25 10:08:18 UTC
I have noticed that the directory /etc/nagios needs to have permissions of 0755 for apache to be able to read the files within for the current installation of nagios-core-2.3.1.

This needs to either be updated to permissions of 0750 or better still, for apache to be added to the nagios group.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-05-25 10:17:36 UTC
(In reply to comment #0)
> This needs to either be updated to permissions of 0750 or better still, for
> apache to be added to the nagios group.

I don't see what's your problem here...

<snip>
enewgroup nagios

if use noweb; then
        enewuser nagios -1 /bin/bash /dev/null nagios
else
        enewuser nagios -1 /bin/bash /dev/null nagios,apache
fi
</snip>
Comment 2 Richard Scott 2006-05-25 10:32:40 UTC
Hiya,

The problem I can see is that the /etc/nagios directory and files are owned and readable *only* by the nagios user/group.

Apache is not part of the nagios group and therefore can't read these files. 

The code you list adds the nagios user to the apache group and not apache to the nagios group which is what I believe we need.

I have had to use the following to fix this on my system:

# usermod -G nagios apache

Thanks

Richard.
Comment 3 Richard Scott 2006-05-25 10:33:15 UTC
Please can we re-open this as a bug?
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2006-05-25 10:59:24 UTC
To be honest, I don't see what's the apache business in there... It shouldn't be apache-readable by default, IMHO.
Comment 5 Richard Scott 2006-05-25 11:17:59 UTC
(In reply to comment #4)
> To be honest, I don't see what's the apache business in there... It shouldn't
> be apache-readable by default, IMHO.
> 

I take it then you've not used the web interface to nagios to view the current status? ;-)

Apache executes some cgi scripts that read files in that directory. Apache has to be able to read the config files in /etc/nagios so it can tell you details about your current setup. If apache can't read that directory then you *always* get an error with the web interface.
Comment 6 Jakub Moc (RETIRED) gentoo-dev 2006-06-19 08:34:26 UTC
*** Bug 137261 has been marked as a duplicate of this bug. ***
Comment 7 Marcel Meckel 2006-11-22 07:07:56 UTC
As far as I can see there is no need for the user nagios to be in the group apache, but the reverse, user apache being a member of the group nagios, is necessary to get a working web frontend.
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2007-05-08 21:40:05 UTC
Added info on how to get apache read access to /etc/nagios in =net-analyzer/nagios-core-2.9.
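
An added example, not part of the bug thread or the ebuild: a shell check that reports which permission class (owner, group or other) lets a user such as apache into a directory like /etc/nagios, so the 0755 setup and the 0750-plus-group setup discussed above can be told apart. The helper names access_via and audit_path are hypothetical, the demo inputs are constructed, and audit_path assumes GNU stat.

```shell
#!/bin/sh
# Added example. access_via and audit_path are hypothetical helper names.

# access_via MODE OWNER GROUP USER "USER_GROUPS"
# Prints "<class>:<r|-><x|->": the one permission class that applies to USER
# (classic mode bits, ACLs ignored) and whether it may list (r) and enter (x).
access_via() {
    mode=$1 owner=$2 group=$3 user=$4 user_groups=$5
    m=$(( 0$mode ))                      # leading 0 forces octal parsing
    if [ "$user" = "$owner" ]; then
        class=owner; bits=$(( (m >> 6) & 7 ))
    else
        class=other; bits=$(( m & 7 ))
        for g in $user_groups; do
            if [ "$g" = "$group" ]; then
                class=group; bits=$(( (m >> 3) & 7 )); break
            fi
        done
    fi
    r=-; x=-
    if [ $(( bits & 4 )) -ne 0 ]; then r=r; fi
    if [ $(( bits & 1 )) -ne 0 ]; then x=x; fi
    printf '%s:%s%s\n' "$class" "$r" "$x"
}

# audit_path DIR USER: same check against a live system (GNU stat assumed).
audit_path() {
    meta=$(stat -c '%a %U %G' "$1") || return 1
    set -- "$2" $meta                    # now: user mode owner group
    access_via "$2" "$3" "$4" "$1" "$(id -Gn "$1")"
}

# Constructed inputs modelled on the thread: directory owned nagios:nagios.
demo() {
    echo "0750, apache not in nagios: $(access_via 0750 nagios nagios apache 'apache')"
    echo "0755, apache not in nagios: $(access_via 0755 nagios nagios apache 'apache')"
    echo "0750, apache in nagios:     $(access_via 0750 nagios nagios apache 'apache nagios')"
}

if [ $# -eq 2 ]; then audit_path "$1" "$2"; else demo; fi
```

A result of other:rx means every local account can enter the directory, while group:rx limits access to members of the owning group. When adding the membership, `usermod -a -G nagios apache` appends to the user's supplementary groups, whereas plain `usermod -G` replaces the whole list.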