From: bahamas10 <bahamas10@users.noreply.github.com>
To: ml@inbox.vuxu.org
Subject: Re: [PR REVIEW] New package: nagios-4.4.6
Date: Sun, 12 Jul 2020 02:36:20 +0200 [thread overview]
Message-ID: <20200712003620.OjlLqEC8OGMNPtP2tK4-ZMzOvF7ORjy4ord5ItJIEVg@z> (raw)
In-Reply-To: <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-23249@inbox.vuxu.org>
[-- Attachment #1: Type: text/plain, Size: 1498 bytes --]
New review comment by bahamas10 on void-packages repository
https://github.com/void-linux/void-packages/pull/23249#discussion_r453250094
Comment:
I did some testing into this, and `chpst -u _nagios ...` is possible with modifications to change 2 things:.
1. files in `/etc/nagios` are `660` owned by `root:root`.
2. `nagios` executable is `770` owned by `root:root`.
Both of these things make it so running `chpst -u _nagios nagios ...` fails because 1. it cannot execute the nagios executable. If i manually `chmod 755` the executable, then it fails again because it cannot read the configuration files. If I run a find command to change all of the config files to have `644` permissions *then* nagios is able to run under `chpst -u _nagios`.
`nagios` the core executable does not bind to any network port - it simply ships the CGI and HTML files and requires an external web server to host them. `nagios` instead creates a named pipe at `/var/nagios/rw/nagios.cmd` for communication with the daemon.
I like the idea of running with `chpst` but that'll require the permissions of the executables and the configuration files be opened up to be readable by all, or to modify them to be in the `_nagios` group. I personally like the idea of the configs and executables being *readable* (not writable) by all, but I understand that that goes against the spirit of how nagios is compiled. Having it start as root is probably *ok* because it does drop privileges after it starts up.
next prev parent reply other threads:[~2020-07-12 0:36 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <gh-mailinglist-notifications-41a7ca26-5023-4802-975b-f1789d68868e-void-packages-23249@inbox.vuxu.org>
2020-07-09 15:58 ` sgn
2020-07-09 15:59 ` sgn
2020-07-09 16:00 ` sgn
2020-07-09 16:02 ` sgn
2020-07-09 16:03 ` sgn
2020-07-09 16:03 ` sgn
2020-07-09 18:12 ` bahamas10
2020-07-09 18:16 ` bahamas10
2020-07-09 18:16 ` bahamas10
2020-07-09 18:17 ` bahamas10
2020-07-09 18:17 ` bahamas10
2020-07-09 21:27 ` bahamas10
2020-07-09 21:27 ` bahamas10
2020-07-09 21:41 ` bahamas10
2020-07-10 0:06 ` sgn
2020-07-10 0:12 ` sgn
2020-07-10 0:14 ` sgn
2020-07-10 0:15 ` sgn
2020-07-10 0:21 ` sgn
2020-07-10 17:00 ` bahamas10
2020-07-10 17:00 ` bahamas10
2020-07-10 17:03 ` bahamas10
2020-07-10 17:04 ` bahamas10
2020-07-10 17:06 ` bahamas10
2020-07-10 23:12 ` [PR REVIEW] " sgn
2020-07-10 23:15 ` sgn
2020-07-12 0:29 ` bahamas10
2020-07-12 0:36 ` bahamas10 [this message]
2020-07-12 0:39 ` bahamas10
2020-10-31 5:26 ` sgn
2020-11-22 1:01 ` [PR PATCH] [Updated] " bahamas10
2020-11-22 1:02 ` bahamas10
2020-11-22 1:24 ` ericonr
2020-11-22 1:38 ` [PR PATCH] [Updated] " bahamas10
2022-04-17 2:06 ` github-actions
2022-05-01 2:13 ` [PR PATCH] [Closed]: " github-actions
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200712003620.OjlLqEC8OGMNPtP2tK4-ZMzOvF7ORjy4ord5ItJIEVg@z \
--to=bahamas10@users.noreply.github.com \
--cc=ml@inbox.vuxu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).