[MediaWiki-commits] [Gerrit] operations/puppet[production]: icinga: Fix permissions for /var/lib/nagios/rw

Alexandros Kosiaris (Code Review) Thu, 20 Apr 2017 08:08:03 -0700

Alexandros Kosiaris has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/349221 )


Change subject: icinga: Fix permissions for /var/lib/nagios/rw
......................................................................


icinga: Fix permissions for /var/lib/nagios/rw

Per Debian Bug 571801 a more prudent way of allowing icinga web to
execute commands would be to rely on the sgid bit of directories making
sure that icinga restarts rely on the containing directory for providing
the correct permissions on the nagios.cmd file

Bug: T163286
Change-Id: I20a7306d6951eba3a2c43d27f574fcbbf1ff7ef1
---
M modules/icinga/manifests/init.pp
1 file changed, 4 insertions(+), 11 deletions(-)

Approvals:
  Alexandros Kosiaris: Verified; Looks good to me, approved



diff --git a/modules/icinga/manifests/init.pp b/modules/icinga/manifests/init.pp
index 9d141ee..a6e7974 100644
--- a/modules/icinga/manifests/init.pp
+++ b/modules/icinga/manifests/init.pp
@@ -151,18 +151,11 @@
     }
 
     # Command folders / files to let icinga web to execute commands
+    # See Debian Bug 571801
     file { '/var/lib/nagios/rw':
-        ensure => directory,
-        owner  => 'icinga',
-        group  => 'nagios',
-        mode   => '0775',
-    }
-
-    file { '/var/lib/nagios/rw/nagios.cmd':
-        ensure => present,
-        owner  => 'icinga',
-        group  => 'www-data',
-        mode   => '0664',
+        owner => 'icinga',
+        group => 'www-data',
+        mode  => '2710', # The sgid bit means new files inherit guid
     }
 
     # ensure icinga can write logs for ircecho, raid_handler etc.

-- 
To view, visit https://gerrit.wikimedia.org/r/349221
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I20a7306d6951eba3a2c43d27f574fcbbf1ff7ef1
Gerrit-PatchSet: 3
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Alexandros Kosiaris <[email protected]>
Gerrit-Reviewer: Volans <[email protected]>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] operations/puppet[production]: icinga: Fix permissions for /var/lib/nagios/rw

Reply via email to