> -----Original Message----- > From: Israel Brewster [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 12, 2006 11:12 AM > To: Tom Brown; Marc Powell > Cc: [email protected] > Subject: Re: [Nagios-users] Command File error >
[chop] > > On Jul 11, 2006 at 8:39 PM, Marc Powell wrote: > > > And restarted the web server presumably. That leaves 2 likely > > possibilities: > > - one or more of the directories above rw/ are not accessible by > > your web server user or > > - you have SELinux enabled and have not allowed http permissions > > by policy. You can use 'audit2allow -l -i /var/log/messages' to see if > > that's the case. > > > > I don't use SELinux so I can't provide you with a specific policy. > > All directories in the path have read and execute permissions set for > everybody. Most don't have write permissions, but I wouldn't think > that would be an issue. Issuing the command you give returns the > following result: > > allow httpd_sys_script_t usr_t:fifo_file getattr; > allow httpd_sys_script_t usr_t:file write; > allow unlabeled_t netif_eth0_t:netif rawip_recv; > > I don't know anything about SELinux though, so I have no clue if this > is good, bad, or indifferent. Any thoughts? Bad. The first two lines indicate that SELinux is preventing httpd from accessing a fifo file (nagios.cmd almost certainly). Grep for nagios.cmd in /var/log/messages. You'll certainly see 'avc: denied' messages. audit2allow presents policy rules that would allow access to things that were blocked. Note that they are overly permissive though. You can either disable SELinux or modify your policy/permissions for nagios.cmd to allow access for httpd. There are numerous messages in the archive about SELinux. > > I also tried changing the permissions on the command file and > enclosing folder so that anyone could read and write to them, just to > see if that would fix the issue, but no change. So apparently it > isn't a permissions issue, at least not directly with the file and > enclosed folder. SELinux permissions are above and beyond normal file system permissions. -- Marc ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Nagios-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
