Re: [PR REVIEW] New package: nagios-4.4.6

[bahamas10 <bahamas10@users.noreply.github.com>]

[-- Attachment #1: Type: text/plain, Size: 1498 bytes --]

New review comment by bahamas10 on void-packages repository

https://github.com/void-linux/void-packages/pull/23249#discussion_r453250094

Comment:
I did some testing into this, and `chpst -u _nagios ...` is possible with modifications to change 2 things:.

1. files in `/etc/nagios` are `660` owned by `root:root`.
2. `nagios` executable is `770` owned by `root:root`.

Both of these things make it so running `chpst -u _nagios nagios ...` fails because 1. it cannot execute the nagios executable.  If i manually `chmod 755` the executable, then it fails again because it cannot read the configuration files.  If I run a find command to change all of the config files to have `644` permissions *then* nagios is able to run under `chpst -u _nagios`.

`nagios` the core executable does not bind to any network port - it simply ships the CGI and HTML files and requires an external web server to host them.  `nagios` instead creates a named pipe at `/var/nagios/rw/nagios.cmd` for communication with the daemon.

I like the idea of running with `chpst` but that'll require the permissions of the executables and the configuration files be opened up to be readable by all, or to modify them to be in the `_nagios` group.  I personally like the idea of the configs and executables being *readable* (not writable) by all, but I understand that that goes against the spirit of how nagios is compiled.  Having it start as root is probably *ok* because it does drop privileges after it starts up.