Hi,
I discovered monit a few months ago and I am really delighted with
it. However, last week I found a weird problem which, honestly, I do
not know how to solve.
I have some machines running Ubuntu 12.04, so the monit version is not
the latest. Monit should make sure that a certain program runs owned by
a certain unprivileged user. One of this program's plugins needs to
access the serial port, but I am constantly getting permission errors.
If I run the program directly with the same user, I do not get any
errors. Let me explain how the user and group permissions are:
* The serial port device is "/dev/ttyS0". Owner: root. Group: dialout.
  Permissions 660. This is the standard configuration for the serial
  ports in Ubuntu.
* The user's main group is its own (for instance, user "sinho", group
  "sinho"), but it belongs to the group "dialout" nevertheless.
Please find attached a monit configuration file ("test_python_monit")
and a python program ("test.py") that I've used to demonstrate the
issue. I'm using "process" and not "program", because the monit version
in 12.04 does not yet support a "program" check with arguments. In order
to run this on your computer, you should change "test_python_monit" to
include the actual path to the "test.py" file in your system, and your
own user name.
All in all, the results I get with this test (which are the same as with
the real program) are like this. Using the attached configuration file
and running "monit validate":
'python' process is not running
'python' trying to restart
'python' start: /usr/bin/python
User: 1000
Group: 1000
Efective User: 1000
Efective Group: 1000
Serial port owner 0 can read, can write and cannot execute
Serial port group 20 can read, can write and cannot execute
Serial port others cannot read, cannot write and cannot execute
Can we read? No
Can we write? No
Can we execute? No
Running the "test.py" script directly, I get:
User: 1000
Group: 1000
Efective User: 1000
Efective Group: 1000
Serial port owner 0 can read, can write and cannot execute
Serial port group 20 can read, can write and cannot execute
Serial port others cannot read, cannot write and cannot execute
Can we read? Yes
Can we write? Yes
Can we execute? No
So I guess the issue is that, with monit, the additional groups are not
taken into account for some reason. But changing the group in the monit
configuration is not an option, because the program I am using does some
kind of user authorization using the group permissions.
Any idea of how this can be solved?
Thanks for your help
--
Rubén Pérez Vázquez
*Universität zu Köln*
/Regionales Rechenzentrum (RRZK)/
Weyertal 121, Raum 4.05
D-50931 Köln
✆: +49-221-470-89603
check process python matching "^python [a-zA-Z/]*test.py$"
    start program = "/usr/bin/python /home/sinho/workspace/monit_permissions/test.py"
        as uid sinho and gid sinho with timeout 30 seconds
    stop program = "/bin/echo"
        as uid sinho and gid sinho with timeout 30 seconds
#! /usr/bin/env python
# -*- coding: utf-8 -*-
import os
import stat
port="/dev/ttyS0"
print "User: {}\nGroup: {}\nEfective User: {}\nEfective Group: {}".format(os.getuid(), os.getgid(), os.geteuid(), os.getegid())
perm = os.stat(port)
print "Serial port owner {} can{} read, can{} write and can{} execute".format(perm.st_uid, *[ "" if perm.st_mode & mask else "not" for mask in [stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR]])
print "Serial port group {} can{} read, can{} write and can{} execute".format(perm.st_gid, *[ "" if perm.st_mode & mask else "not" for mask in [stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP]])
print "Serial port others can{} read, can{} write and can{} execute".format(*[ "" if perm.st_mode & mask else "not" for mask in [stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH]])
print "Can we read? {}".format("Yes" if os.access(port, os.R_OK) else "No")
print "Can we write? {}".format("Yes" if os.access(port, os.W_OK) else "No")
print "Can we execute? {}".format("Yes" if os.access(port, os.X_OK) else "No")
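
An added diagnostic, not part of the original post or of monit: it compares the supplementary groups the running process actually holds with the ones the group database grants the user, which is the difference the two outputs above point to. It is written for Python 3; the function names and the constructed sample (uid/gid 1000, dialout as gid 20, mode 660, taken from the output above) are this example's own.

```python
import grp
import os
import pwd
import stat

# Constructed sample mirroring the post: user sinho (uid/gid 1000), dialout = gid 20.
SAMPLE_GROUP_DB = [(0, []), (20, ["sinho"]), (1000, [])]

def db_groups(username, primary_gid, group_entries):
    """Gids the account database grants: primary gid plus every group
    listing the user as a member. group_entries holds (gid, members) pairs."""
    return {primary_gid} | {gid for gid, members in group_entries
                            if username in members}

def mode_allows(st_uid, st_gid, st_mode, uid, gid, groups, want):
    """Owner/group/other check for a non-root process (ACLs and capabilities
    ignored). Only the first matching class is consulted. want: "r" or "w"."""
    owner, group, other = {
        "r": (stat.S_IRUSR, stat.S_IRGRP, stat.S_IROTH),
        "w": (stat.S_IWUSR, stat.S_IWGRP, stat.S_IWOTH),
    }[want]
    if uid == st_uid:
        mask = owner
    elif st_gid == gid or st_gid in groups:
        mask = group
    else:
        mask = other
    return bool(st_mode & mask)

def missing_groups(held, granted):
    """Gids the database grants that the process does not hold."""
    return sorted(set(granted) - set(held))

def report(port="/dev/ttyS0"):
    """Run the comparison against the current process and the live database."""
    user = pwd.getpwuid(os.geteuid())
    granted = db_groups(user.pw_name, user.pw_gid,
                        [(g.gr_gid, g.gr_mem) for g in grp.getgrall()])
    held = set(os.getgroups()) | {os.getegid()}
    lines = ["held by process:     %s" % sorted(held),
             "granted by database: %s" % sorted(granted),
             "missing:             %s" % missing_groups(held, granted)]
    if os.path.exists(port):
        st = os.stat(port)
        for want in ("r", "w"):
            ok = mode_allows(st.st_uid, st.st_gid, st.st_mode,
                             os.geteuid(), os.getegid(), held, want)
            lines.append("%s on %s by mode bits: %s" % (want, port, ok))
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

Started once from the monit check and once from a login shell, a non-empty "missing" line in the monit run only would confirm that the supplementary groups are what differs between the two.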