Hi all, I have an issue where I am running a certain bash script that reads some data from /var/log/syslog. This file is readable by the group 'adm' (running Debian here).
I've added the 'nagios' user, which the icinga2 process runs as, to the 'adm' group, but still the script cannot read the file. I've added this to the output for debugging: echo `whoami` echo `groups` and I get: nagios nagios # groups nagios nagios : nagios adm # sudo -u nagios groups nagios adm 2263 ? Ssl 0:06 /usr/sbin/icinga2 -c /etc/icinga2/icinga2.conf -u nagios -g nagios -d -e /var/log/icinga2/icinga2.err --no-stack-rlimit So obviously the bash script is running as the nagios user, but group membership has been discarded for some reason. I've set icinga2 to run explicitly as group 'adm'. Would there be any issues with this? 10081 ? Ssl 0:00 /usr/sbin/icinga2 -c /etc/icinga2/icinga2.conf -u nagios -g adm -d -e /var/log/icinga2/icinga2.err --no-stack-rlimit I can see it being useful to have the nagios user (or whatever user the process runs as) be a member of multiple groups in order to access certain files. It's not causing any problems at the moment, as in production this check is using NRPE, which does work with user group membership, but it would be interesting to know why this is happening and how to work around it. I don't think sudo is necessary in this case. It seems that if possible, first you'd want to resolve permission issues on the file system level before resorting to sudo. Kind regards, Simon _______________________________________________ icinga-users mailing list [email protected] https://lists.icinga.org/mailman/listinfo/icinga-users
