[smokeping-users] Slave cannot open Secrets file (Permisson Denied)
Eric Chatham
echatham at broadvox.com
Mon Nov 9 18:53:21 CET 2009
Hello,
Was anyone able to come up with a solution to this?
Thank you, Eric.
>-----Original Message-----
>From: smokeping-users-bounces at lists.oetiker.ch [mailto:smokeping-users-
>bounces at lists.oetiker.ch] On Behalf Of Eric Chatham
>Sent: Wednesday, November 04, 2009 15:01
>To: smokeping-users at lists.oetiker.ch
>Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>Denied)
>
>Hi Peter,
>
>Thank you for replying. That’s the part that doesn’t make sense. This is the
>command I run on the slave machine to daemonize smokeping.
>
>SLAVE DAEMON:
>
>/home/smokeping/alt/smokeping/bin/smokeping --master-
>url=http://server02.broadvox.net/smokeping/smokeping.cgi --shared-
>secret=/opt/smokeping/secret.txt --cache-dir=/var/tmp/
>WARNING: Opening secrets file /opt/smokeping/etc/secrets.conf: Permission
>denied
>
>ERROR: we did not get config from the master. Maybe we are not configured as a
>slave for any of the targets on the master ?
>
>
>There is no secrets.conf file on the slave machine – only the answer file,
>called secret.txt, and the error on the slave references the location of
>secrets.conf on the master server. Our Linux Server crashed a few days ago.
>I re-installed CentOS 5.1 on the server. This was the original OS on there
>too. The only difference in the smokeping installation was in the version of
>RRDTool I used (1.3 → 1.4). That’s it. All the configs were restored from a
>backup.
>
>On the master, I daemonize smokeping from the /opt directory. That is where I
>have installed smokeping; that was where it was installed beforehand as well.
>Yes, iptables on the master server allows access from the slave. As I
>mentioned, I did get it to work by giving secrets.conf on the master, 444
>permissions; however, when I changed the permissions of that file back to 440
>– for example, that’s when I get the permissions denied error on the slave.
>
>MASTER DAEMON:
>/opt/smokeping/bin/smokeping –restart
>
>Thank you for any assistance with this. ☺
>
>From: Peter Kristolaitis [mailto:alter3d at alter3d.ca]
>Sent: Tuesday, November 03, 2009 23:51
>To: Eric Chatham
>Cc: smokeping-users at lists.oetiker.ch
>Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>Denied)
>
>The permissions of the config file on the master have *absolutely nothing* to
>do with the permissions of the config file on the slave. This is a file
>permission issue on the slave machine -- whatever context smokeping is running
>under is unable to read the secrets.conf file *on the slave machine*.
>
>To help in troubleshooting: What distribution of Linux (or *BSD, etc) are you
>using? Did you install Smokeping from a package or manually? How are you
>starting the slave -- and if it's manually, can you include your script, if
>any?
>
>
>
>Eric Chatham wrote:
>This still doesn’t make sense at all. This is a conundrum!
>
>When I set read to the everyone group for secrets.conf file (eg, 444) on the
>master and start the daemon on the slave, it works fine.
>
>BUT, if I go and try to restart the daemon on the master it says “ERROR:
>/opt/smokeping/etc/config, line 137: File '/opt/smokeping/etc/secrets.conf' is
>world-readable or writable, refusing it.” When I reset the permissions to
>read only on the master (eg 440), I am able to re-daemonize smokeping on
>master.
>
>BUT, when I go back to the slave and try to re-daemonize, I get “WARNING:
>Opening secrets file /opt/smokeping/etc/secrets.conf: Permission denied.
>ERROR: we did not get config from the master. Maybe we are not configured as a
>slave for any of the targets on the master?”
>
>This does not make sense
>
>From: Eric Chatham
>Sent: Tuesday, November 03, 2009 17:01
>To: Eric Chatham; Peter Kristolaitis
>Cc: smokeping-users at lists.oetiker.ch
>Subject: RE: [smokeping-users] Slave cannot open Secrets file (Permisson
>Denied)
>
>I changed the master so smokeping runs under smokeping user (uid 1002). I
>still can’t daemonize smokeping on the slave.
>
>1002 17841 0.0 0.3 30248 16468 ? Ss 15:55 0:00 /usr/bin/perl
>-w /opt/smokeping/bin/smokeping -restart
>1002 17842 0.0 0.3 30248 16392 ? S 15:55 0:00
>/opt/smokeping/bin/smokeping [FPing_III]
>1002 17843 0.0 0.3 30248 16308 ? S 15:55 0:00
>/opt/smokeping/bin/smokeping [FPing_II]
>1002 17844 0.0 0.3 30248 16308 ? S 15:55 0:00
>/opt/smokeping/bin/smokeping [FPing_IV]
>1002 17845 0.0 0.3 30248 16228 ? S 15:55 0:00
>/opt/smokeping/bin/smokeping [FPing_default]
>1002 17846 0.0 0.3 30248 16228 ? S 15:55 0:00
>/opt/smokeping/bin/smokeping [FPing_I]
>1002 17976 0.0 0.0 1716 540 ? S 15:56 0:00
>/usr/local/sbin/fping -C 20 -q -B1 -r1 -i10 71.182.234.59 204.15.16
>nagios 17984 0.0 0.0 17348 1580 ? S 15:56 0:00
>/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>nagios 17985 0.0 0.0 3908 712 ? S 15:56 0:00
>/usr/local/nagios/libexec/check_ping -H 10.128.54.222 -w 100.00,20%
>nagios 17986 0.0 0.0 1836 528 ? S 15:56 0:00 /bin/ping -n
>-U -w 10 -c 5 10.128.54.222
>nagios 18002 0.0 0.0 17348 1580 ? S 15:56 0:00
>/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>nagios 18003 0.0 0.0 3904 712 ? S 15:56 0:00
>/usr/local/nagios/libexec/check_ping -H 10.128.95.249 -w 3000.0,80%
>nagios 18005 0.0 0.0 1840 544 ? S 15:56 0:00 /bin/ping -n
>-U -w 30 -c 5 10.128.95.249
>nagios 18009 0.0 0.0 17348 1580 ? S 15:56 0:00
>/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>nagios 18010 7.3 0.1 10620 6828 ? S 15:56 0:00 /usr/bin/perl
>/usr/local/nagios/libexec/check_uptime.pl -H 10.10.3.
>1002 18023 0.0 0.0 7920 1680 pts/2 R+ 15:56 0:00 ps aux
>root 18807 0.0 0.0 5296 1196 ? Ss 08:29 0:00 crond
>root 20761 0.0 0.0 4532 1192 pts/2 S 09:48 0:00 /bin/sh
>/usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var
>mysql 20811 0.0 0.5 145232 23176 pts/2 Sl 09:48 0:19
>/usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=
>apache 24728 0.2 0.5 30584 21796 ? S 13:42 0:17
>/usr/bin/speedy_backend -w /opt/smokeping/htdocs/smokeping.cgi
>root 26169 0.0 0.1 21092 7392 ? Ss 13:46 0:00
>/usr/sbin/httpd
>apache 26171 0.0 0.2 28576 11752 ? S 13:46 0:03
>/usr/sbin/httpd
>apache 26172 0.0 0.2 27828 10860 ? S 13:46 0:01
>/usr/sbin/httpd
>apache 26173 0.0 0.2 28740 11836 ? S 13:46 0:02
>/usr/sbin/httpd
>apache 26174 0.0 0.2 28652 11800 ? S 13:46 0:01
>/usr/sbin/httpd
>apache 26175 0.0 0.2 28756 11840 ? S 13:46 0:01
>/usr/sbin/httpd
>apache 26176 0.0 0.2 28752 11936 ? S 13:46 0:03
>/usr/sbin/httpd
>apache 26177 0.0 0.2 28748 11840 ? S 13:46 0:02
>/usr/sbin/httpd
>apache 26178 0.0 0.2 28576 11756 ? S 13:46 0:01
>/usr/sbin/httpd
>root 27449 0.0 0.1 27412 6448 ? Sl Nov02 0:09
>/usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd.pid -a
>nagios 27615 0.4 0.0 17344 2252 ? Ssl Nov02 7:03
>/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>apache 30585 0.0 0.2 28588 11768 ? S 13:56 0:03
>/usr/sbin/httpd
>apache 30617 0.0 0.4 28508 18248 ? S 13:56 0:06
>/usr/bin/speedy_backend -w /opt/smokeping/htdocs/smokeping.cgi
>root 31883 0.0 0.0 7072 1072 ? Ss 15:13 0:00
>/usr/sbin/sshd
>root 31936 0.0 0.0 13956 3732 ? Ss 15:13 0:00 sshd:
>echatham [priv]
>echatham 32005 0.0 0.0 13956 2260 ? S 15:13 0:00 sshd:
>echatham at notty
>echatham 32006 0.0 0.0 9708 2200 ? Ss 15:13 0:00
>/usr/libexec/openssh/sftp-server
>[smokeping at dalimnag02 ~]$ id smokeping
>uid=1002(smokeping) gid=1003(smokeping) groups=1003(smokeping)
>context=user_u:system_r:unconfined_t
>[smokeping@ ~]$
>
>From: smokeping-users-bounces at lists.oetiker.ch [mailto:smokeping-users-
>bounces at lists.oetiker.ch] On Behalf Of Eric Chatham
>Sent: Tuesday, November 03, 2009 15:29
>To: Peter Kristolaitis
>Cc: smokeping-users at lists.oetiker.ch
>Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>Denied)
>
>Hello,
>
>How can I tell if it’s running under UID or GID? I never had a problem before
>with this running. I’m running this under root on both master and slave
>server. Secrets.conf is owned by root user and group.
>
>From: Peter Kristolaitis [mailto:alter3d at alter3d.ca]
>Sent: Tuesday, November 03, 2009 15:25
>To: Eric Chatham
>Cc: smokeping-users at lists.oetiker.ch
>Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>Denied)
>
>I suspect it's a file ownership problem.
>
>Is smokeping running with UID root or GID root (the two conditions which would
>allow it to access that file given the ownership and permissions)? Most
>installations of smokeping run under non-privileged UID/GID for security.
>
>
>
>
>
>Eric Chatham wrote:
>Hello,
>
>I had this working at one time with giving the secrets file 640 permissions.
>Our hardware failed on our Linux server, so I had to re-install all our
>applications from a backup. One of the apps was smokeping. I re-installed
>the program and just restored the configs from the backup.
>
>Can someone tell me why I’m now having a problem on the slave server trying to
>open the secrets.conf file on the master server? I keep getting this error:
>
>WARNING: Opening secrets file /opt/smokeping/etc/secrets.conf: Permission
>denied
>
>ERROR: we did not get config from the master. Maybe we are not configured as a
>slave for any of the targets on the master ?
>
>Here is my secrets.conf stat:
>
>stat secrets.conf
> File: `secrets.conf'
> Size: 56 Blocks: 16 IO Block: 4096 regular file
>Device: fd00h/64768d Inode: 4423683 Links: 1
>Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root)
>Access: 2009-11-03 13:21:26.000000000 -0600
>Modify: 2009-11-02 15:06:10.000000000 -0600
>Change: 2009-11-03 13:36:58.000000000 -0600
>
>Eric Chatham
>MIS Department
>Phone: (216) 373-4683
>Fax: (216) 373-4669
>echatham at broadvox.com
>
>
>
>________________________________________
>CONFIDENTIAL. This e-mail and any attached files are confidential and should
>be destroyed and/or returned if you are not the intended and proper recipient.
>
>
>
>
>
>
>
>
>________________________________________
>
>
>
>
>
>
>
>
>
>
>_______________________________________________
>smokeping-users mailing list
>smokeping-users at lists.oetiker.ch
>https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>
>
>
>________________________________________
>CONFIDENTIAL. This e-mail and any attached files are confidential and should
>be destroyed and/or returned if you are not the intended and proper recipient.
>
>________________________________________
>CONFIDENTIAL. This e-mail and any attached files are confidential and should
>be destroyed and/or returned if you are not the intended and proper recipient.
>
>
>CONFIDENTIAL. This e-mail and any attached files are confidential and should
>be destroyed and/or returned if you are not the intended and proper recipient.
>_______________________________________________
>smokeping-users mailing list
>smokeping-users at lists.oetiker.ch
>https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
CONFIDENTIAL. This e-mail and any attached files are confidential and should be destroyed and/or returned if you are not the intended and proper recipient.
More information about the smokeping-users
mailing list