[smokeping-users] Slave cannot open Secrets file (Permisson Denied)
Eric Chatham
echatham at broadvox.com
Mon Nov 9 19:12:52 CET 2009
Thank you, Tobi. It worked! :)
>-----Original Message-----
>From: Tobias Oetiker [mailto:tobi at oetiker.ch]
>Sent: Monday, November 09, 2009 13:07
>To: Eric Chatham
>Cc: smokeping-users at lists.oetiker.ch
>Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>Denied)
>
>Hi Eric,
>
>Today Eric Chatham wrote:
>
>> Hello,
>>
>> Was anyone able to come up with a solution to this?
>
>the problem is that your webserver is probaly running smokeping.cgi
>as user nobody or httpd ... and this user does not have access to
>secrets.conf ... you may want to try
>
>chown httpd /opt/smokeping/etc/secrets.conf
>
>
>even better would be to use suexec on your webserver and have a
>separate smokeping user for running both the daemon as well as the
>cgi ...
>
>hth
>tobi
>
>>
>> Thank you, Eric.
>>
>> >-----Original Message-----
>> >From: smokeping-users-bounces at lists.oetiker.ch [mailto:smokeping-users-
>> >bounces at lists.oetiker.ch] On Behalf Of Eric Chatham
>> >Sent: Wednesday, November 04, 2009 15:01
>> >To: smokeping-users at lists.oetiker.ch
>> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>> >Denied)
>> >
>> >Hi Peter,
>> >
>> >Thank you for replying. That?s the part that doesn?t make sense. This is
>the
>> >command I run on the slave machine to daemonize smokeping.
>> >
>> >SLAVE DAEMON:
>> >
>> >/home/smokeping/alt/smokeping/bin/smokeping --master-
>> >url=http://server02.broadvox.net/smokeping/smokeping.cgi --shared-
>> >secret=/opt/smokeping/secret.txt --cache-dir=/var/tmp/
>> >WARNING: Opening secrets file /opt/smokeping/etc/secrets.conf: Permission
>> >denied
>> >
>> >ERROR: we did not get config from the master. Maybe we are not configured
>as a
>> >slave for any of the targets on the master ?
>> >
>> >
>> >There is no secrets.conf file on the slave machine ? only the answer file,
>> >called secret.txt, and the error on the slave references the location of
>> >secrets.conf on the master server. Our Linux Server crashed a few days
>ago.
>> >I re-installed CentOS 5.1 on the server. This was the original OS on there
>> >too. The only difference in the smokeping installation was in the version
>of
>> >RRDTool I used (1.3 ? 1.4). That?s it. All the configs were restored from
>a
>> >backup.
>> >
>> >On the master, I daemonize smokeping from the /opt directory. That is
>where I
>> >have installed smokeping; that was where it was installed beforehand as
>well.
>> >Yes, iptables on the master server allows access from the slave. As I
>> >mentioned, I did get it to work by giving secrets.conf on the master, 444
>> >permissions; however, when I changed the permissions of that file back to
>440
>> >? for example, that?s when I get the permissions denied error on the slave.
>> >
>> >MASTER DAEMON:
>> >/opt/smokeping/bin/smokeping ?restart
>> >
>> >Thank you for any assistance with this. ?
>> >
>> >From: Peter Kristolaitis [mailto:alter3d at alter3d.ca]
>> >Sent: Tuesday, November 03, 2009 23:51
>> >To: Eric Chatham
>> >Cc: smokeping-users at lists.oetiker.ch
>> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>> >Denied)
>> >
>> >The permissions of the config file on the master have *absolutely nothing*
>to
>> >do with the permissions of the config file on the slave. This is a file
>> >permission issue on the slave machine -- whatever context smokeping is
>running
>> >under is unable to read the secrets.conf file *on the slave machine*.
>> >
>> >To help in troubleshooting: What distribution of Linux (or *BSD, etc) are
>you
>> >using? Did you install Smokeping from a package or manually? How are you
>> >starting the slave -- and if it's manually, can you include your script, if
>> >any?
>> >
>> >
>> >
>> >Eric Chatham wrote:
>> >This still doesn?t make sense at all. This is a conundrum!
>> >
>> >When I set read to the everyone group for secrets.conf file (eg, 444) on
>the
>> >master and start the daemon on the slave, it works fine.
>> >
>> >BUT, if I go and try to restart the daemon on the master it says ?ERROR:
>> >/opt/smokeping/etc/config, line 137: File '/opt/smokeping/etc/secrets.conf'
>is
>> >world-readable or writable, refusing it.? When I reset the permissions to
>> >read only on the master (eg 440), I am able to re-daemonize smokeping on
>> >master.
>> >
>> >BUT, when I go back to the slave and try to re-daemonize, I get ?WARNING:
>> >Opening secrets file /opt/smokeping/etc/secrets.conf: Permission denied.
>> >ERROR: we did not get config from the master. Maybe we are not configured
>as a
>> >slave for any of the targets on the master??
>> >
>> >This does not make sense
>> >
>> >From: Eric Chatham
>> >Sent: Tuesday, November 03, 2009 17:01
>> >To: Eric Chatham; Peter Kristolaitis
>> >Cc: smokeping-users at lists.oetiker.ch
>> >Subject: RE: [smokeping-users] Slave cannot open Secrets file (Permisson
>> >Denied)
>> >
>> >I changed the master so smokeping runs under smokeping user (uid 1002). I
>> >still can?t daemonize smokeping on the slave.
>> >
>> >1002 17841 0.0 0.3 30248 16468 ? Ss 15:55 0:00
>/usr/bin/perl
>> >-w /opt/smokeping/bin/smokeping -restart
>> >1002 17842 0.0 0.3 30248 16392 ? S 15:55 0:00
>> >/opt/smokeping/bin/smokeping [FPing_III]
>> >1002 17843 0.0 0.3 30248 16308 ? S 15:55 0:00
>> >/opt/smokeping/bin/smokeping [FPing_II]
>> >1002 17844 0.0 0.3 30248 16308 ? S 15:55 0:00
>> >/opt/smokeping/bin/smokeping [FPing_IV]
>> >1002 17845 0.0 0.3 30248 16228 ? S 15:55 0:00
>> >/opt/smokeping/bin/smokeping [FPing_default]
>> >1002 17846 0.0 0.3 30248 16228 ? S 15:55 0:00
>> >/opt/smokeping/bin/smokeping [FPing_I]
>> >1002 17976 0.0 0.0 1716 540 ? S 15:56 0:00
>> >/usr/local/sbin/fping -C 20 -q -B1 -r1 -i10 71.182.234.59 204.15.16
>> >nagios 17984 0.0 0.0 17348 1580 ? S 15:56 0:00
>> >/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>> >nagios 17985 0.0 0.0 3908 712 ? S 15:56 0:00
>> >/usr/local/nagios/libexec/check_ping -H 10.128.54.222 -w 100.00,20%
>> >nagios 17986 0.0 0.0 1836 528 ? S 15:56 0:00 /bin/ping
>-n
>> >-U -w 10 -c 5 10.128.54.222
>> >nagios 18002 0.0 0.0 17348 1580 ? S 15:56 0:00
>> >/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>> >nagios 18003 0.0 0.0 3904 712 ? S 15:56 0:00
>> >/usr/local/nagios/libexec/check_ping -H 10.128.95.249 -w 3000.0,80%
>> >nagios 18005 0.0 0.0 1840 544 ? S 15:56 0:00 /bin/ping
>-n
>> >-U -w 30 -c 5 10.128.95.249
>> >nagios 18009 0.0 0.0 17348 1580 ? S 15:56 0:00
>> >/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>> >nagios 18010 7.3 0.1 10620 6828 ? S 15:56 0:00
>/usr/bin/perl
>> >/usr/local/nagios/libexec/check_uptime.pl -H 10.10.3.
>> >1002 18023 0.0 0.0 7920 1680 pts/2 R+ 15:56 0:00 ps aux
>> >root 18807 0.0 0.0 5296 1196 ? Ss 08:29 0:00 crond
>> >root 20761 0.0 0.0 4532 1192 pts/2 S 09:48 0:00 /bin/sh
>> >/usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var
>> >mysql 20811 0.0 0.5 145232 23176 pts/2 Sl 09:48 0:19
>> >/usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=
>> >apache 24728 0.2 0.5 30584 21796 ? S 13:42 0:17
>> >/usr/bin/speedy_backend -w /opt/smokeping/htdocs/smokeping.cgi
>> >root 26169 0.0 0.1 21092 7392 ? Ss 13:46 0:00
>> >/usr/sbin/httpd
>> >apache 26171 0.0 0.2 28576 11752 ? S 13:46 0:03
>> >/usr/sbin/httpd
>> >apache 26172 0.0 0.2 27828 10860 ? S 13:46 0:01
>> >/usr/sbin/httpd
>> >apache 26173 0.0 0.2 28740 11836 ? S 13:46 0:02
>> >/usr/sbin/httpd
>> >apache 26174 0.0 0.2 28652 11800 ? S 13:46 0:01
>> >/usr/sbin/httpd
>> >apache 26175 0.0 0.2 28756 11840 ? S 13:46 0:01
>> >/usr/sbin/httpd
>> >apache 26176 0.0 0.2 28752 11936 ? S 13:46 0:03
>> >/usr/sbin/httpd
>> >apache 26177 0.0 0.2 28748 11840 ? S 13:46 0:02
>> >/usr/sbin/httpd
>> >apache 26178 0.0 0.2 28576 11756 ? S 13:46 0:01
>> >/usr/sbin/httpd
>> >root 27449 0.0 0.1 27412 6448 ? Sl Nov02 0:09
>> >/usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd.pid -a
>> >nagios 27615 0.4 0.0 17344 2252 ? Ssl Nov02 7:03
>> >/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>> >apache 30585 0.0 0.2 28588 11768 ? S 13:56 0:03
>> >/usr/sbin/httpd
>> >apache 30617 0.0 0.4 28508 18248 ? S 13:56 0:06
>> >/usr/bin/speedy_backend -w /opt/smokeping/htdocs/smokeping.cgi
>> >root 31883 0.0 0.0 7072 1072 ? Ss 15:13 0:00
>> >/usr/sbin/sshd
>> >root 31936 0.0 0.0 13956 3732 ? Ss 15:13 0:00 sshd:
>> >echatham [priv]
>> >echatham 32005 0.0 0.0 13956 2260 ? S 15:13 0:00 sshd:
>> >echatham at notty
>> >echatham 32006 0.0 0.0 9708 2200 ? Ss 15:13 0:00
>> >/usr/libexec/openssh/sftp-server
>> >[smokeping at dalimnag02 ~]$ id smokeping
>> >uid=1002(smokeping) gid=1003(smokeping) groups=1003(smokeping)
>> >context=user_u:system_r:unconfined_t
>> >[smokeping@ ~]$
>> >
>> >From: smokeping-users-bounces at lists.oetiker.ch [mailto:smokeping-users-
>> >bounces at lists.oetiker.ch] On Behalf Of Eric Chatham
>> >Sent: Tuesday, November 03, 2009 15:29
>> >To: Peter Kristolaitis
>> >Cc: smokeping-users at lists.oetiker.ch
>> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>> >Denied)
>> >
>> >Hello,
>> >
>> >How can I tell if it?s running under UID or GID? I never had a problem
>before
>> >with this running. I?m running this under root on both master and slave
>> >server. Secrets.conf is owned by root user and group.
>> >
>> >From: Peter Kristolaitis [mailto:alter3d at alter3d.ca]
>> >Sent: Tuesday, November 03, 2009 15:25
>> >To: Eric Chatham
>> >Cc: smokeping-users at lists.oetiker.ch
>> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson
>> >Denied)
>> >
>> >I suspect it's a file ownership problem.
>> >
>> >Is smokeping running with UID root or GID root (the two conditions which
>would
>> >allow it to access that file given the ownership and permissions)? Most
>> >installations of smokeping run under non-privileged UID/GID for security.
>> >
>> >
>> >
>> >
>> >
>> >Eric Chatham wrote:
>> >Hello,
>> >
>> >I had this working at one time with giving the secrets file 640
>permissions.
>> >Our hardware failed on our Linux server, so I had to re-install all our
>> >applications from a backup. One of the apps was smokeping. I re-installed
>> >the program and just restored the configs from the backup.
>> >
>> >Can someone tell me why I?m now having a problem on the slave server trying
>to
>> >open the secrets.conf file on the master server? I keep getting this
>error:
>> >
>> >WARNING: Opening secrets file /opt/smokeping/etc/secrets.conf: Permission
>> >denied
>> >
>> >ERROR: we did not get config from the master. Maybe we are not configured
>as a
>> >slave for any of the targets on the master ?
>> >
>> >Here is my secrets.conf stat:
>> >
>> >stat secrets.conf
>> > File: `secrets.conf'
>> > Size: 56 Blocks: 16 IO Block: 4096 regular file
>> >Device: fd00h/64768d Inode: 4423683 Links: 1
>> >Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root)
>> >Access: 2009-11-03 13:21:26.000000000 -0600
>> >Modify: 2009-11-02 15:06:10.000000000 -0600
>> >Change: 2009-11-03 13:36:58.000000000 -0600
>> >
>> >Eric Chatham
>> >MIS Department
>> >Phone: (216) 373-4683
>> >Fax: (216) 373-4669
>> >echatham at broadvox.com
>> >
>> >
>> >
>> >________________________________________
>> >CONFIDENTIAL. This e-mail and any attached files are confidential and
>should
>> >be destroyed and/or returned if you are not the intended and proper
>recipient.
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >________________________________________
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >
>> >_______________________________________________
>> >smokeping-users mailing list
>> >smokeping-users at lists.oetiker.ch
>> >https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>> >
>> >
>> >
>> >________________________________________
>> >CONFIDENTIAL. This e-mail and any attached files are confidential and
>should
>> >be destroyed and/or returned if you are not the intended and proper
>recipient.
>> >
>> >________________________________________
>> >CONFIDENTIAL. This e-mail and any attached files are confidential and
>should
>> >be destroyed and/or returned if you are not the intended and proper
>recipient.
>> >
>> >
>> >CONFIDENTIAL. This e-mail and any attached files are confidential and
>should
>> >be destroyed and/or returned if you are not the intended and proper
>recipient.
>> >_______________________________________________
>> >smokeping-users mailing list
>> >smokeping-users at lists.oetiker.ch
>> >https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>>
>> CONFIDENTIAL. This e-mail and any attached files are confidential and
>should be destroyed and/or returned if you are not the intended and proper
>recipient.
>> _______________________________________________
>> smokeping-users mailing list
>> smokeping-users at lists.oetiker.ch
>> https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>>
>
>--
>Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
>http://it.oetiker.ch tobi at oetiker.ch ++41 62 775 9902 / sb: -9900
CONFIDENTIAL. This e-mail and any attached files are confidential and should be destroyed and/or returned if you are not the intended and proper recipient.
More information about the smokeping-users
mailing list