[smokeping-users] Re: Cannot get DYNAMIC target?

Leos Bitto smokeping at leos.cz
Tue Aug 23 13:55:15 MEST 2005 

Marc Haber wrote:
> Hi,
> 
> On Tue, Aug 23, 2005 at 01:16:32PM +0200, Leos Bitto wrote:
> 
>>Marc Haber wrote:
>>
>>>On my system, the directories are smokeping:www-data 755, and the rrd
>>>files are smokeping:www-data 644. However, this doesn't explain why
>>>the web server is able to write the rrd file. How does the web server
>>>gain access to the rrd files? Does it escalate privileges to smokeping
>>>by some funky way?
>>
>>The rrd files are written by the smokeping daemon only (which runs under 
>>user smokeping in your installation, I suppose). The cgi script only 
>>reads them, and creates the appropriate images in the directory 
>>specified as imgcache in the configuration file.
> 
> 
> You're right of course. I mixed up the png and rrd directories, how
> embarassing. However, there is no *.adr file in the imgcache directory
> (which is /var/www/smokeping on Debian).
> 
> 
>>>I have made the directory with the rrd files writeable for www-data
>>>(smokeping:www-data 755), but still no *.adr file shows up in the
>>>directory. What might be going wrong here?
>>>
>>
>>Many things. First, 755 is not writeable by group - but that's probably 
>>just a typo.
> 
> 
> Yes, it's a typo.
> 

OK, so how does it really look? What user, what group, what permissions? 
Is it smokeping:www-data 775 or something else?

> 
>>Second, your cgi script might not run with privileges 
>>including group www-data - that might happen for example because you 
>>Apache lacks access to this group, or because your Apache uses suexec.
> 
> 
> I cannot verify this since the directory the web server writes to,
> /var/www/smokeping, is of course www-data:www-data 755, and the
> presence of *.png files shows that the web server can write there.
> However, no .adr file here.
> 

The presence of *.png files there says that the cgi script runs under 
user www-data. However, that doesn't say that it has access to the group 
www-data (which might be needed to access that other directory). Please 
run the following cgi script to check the actual permissions:

#!/bin/bash
echo "Content-Type: text/plain"
echo
id

Additionally, please check whether your Apache uses suexec or not. That 
would make a big difference.


Leos

--
Unsubscribe mailto:smokeping-users-request at list.ee.ethz.ch?subject=unsubscribe
Help        mailto:smokeping-users-request at list.ee.ethz.ch?subject=help
Archive     http://lists.ee.ethz.ch/smokeping-users
WebAdmin    http://lists.ee.ethz.ch/lsg2.cgi

More information about the smokeping-users mailing list