[smokeping-users] Slave cannot open Secrets file (Permission Denied)

Eric Chatham echatham at broadvox.com
Mon Nov 9 19:12:52 CET 2009


Thank you, Tobi.  It worked! :)

>-----Original Message-----
>From: Tobias Oetiker [mailto:tobi at oetiker.ch]
>Sent: Monday, November 09, 2009 13:07
>To: Eric Chatham
>Cc: smokeping-users at lists.oetiker.ch
>Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permission Denied)
>
>Hi Eric,
>
>Today Eric Chatham wrote:
>
>> Hello,
>>
>> Was anyone able to come up with a solution to this?
>
>the problem is that your webserver is probably running smokeping.cgi
>as user nobody or httpd ... and this user does not have access to
>secrets.conf ... you may want to try
>
>chown httpd /opt/smokeping/etc/secrets.conf
>
>
>even better would be to use suexec on your webserver and have a
>separate smokeping user for running both the daemon as well as the
>cgi ...
>
>hth
>tobi
>
>>
>> Thank you, Eric.
>>
>> >-----Original Message-----
>> >From: smokeping-users-bounces at lists.oetiker.ch [mailto:smokeping-users-bounces at lists.oetiker.ch] On Behalf Of Eric Chatham
>> >Sent: Wednesday, November 04, 2009 15:01
>> >To: smokeping-users at lists.oetiker.ch
>> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permission Denied)
>> >
>> >Hi Peter,
>> >
>> >Thank you for replying.  That's the part that doesn't make sense.  This is the
>> >command I run on the slave machine to daemonize smokeping.
>> >
>> >SLAVE DAEMON:
>> >
>> >/home/smokeping/alt/smokeping/bin/smokeping --master-url=http://server02.broadvox.net/smokeping/smokeping.cgi --shared-secret=/opt/smokeping/secret.txt --cache-dir=/var/tmp/
>> >WARNING: Opening secrets file /opt/smokeping/etc/secrets.conf: Permission denied
>> >
>> >ERROR: we did not get config from the master. Maybe we are not configured as a
>> >slave for any of the targets on the master ?
>> >
>> >
>> >There is no secrets.conf file on the slave machine - only the answer file,
>> >called secret.txt, and the error on the slave references the location of
>> >secrets.conf on the master server.  Our Linux Server crashed a few days ago.
>> >I re-installed CentOS 5.1 on the server.  This was the original OS on there
>> >too.  The only difference in the smokeping installation was in the version of
>> >RRDTool I used (1.3 ? 1.4).  That's it.  All the configs were restored from a
>> >backup.
>> >
>> >On the master, I daemonize smokeping from the /opt directory.  That is where I
>> >have installed smokeping; that was where it was installed beforehand as well.
>> >Yes, iptables on the master server allows access from the slave.  As I
>> >mentioned, I did get it to work by giving secrets.conf on the master 444
>> >permissions; however, when I changed the permissions of that file back to 440
>> >- for example, that's when I get the permissions denied error on the slave.
>> >
>> >MASTER DAEMON:
>> >/opt/smokeping/bin/smokeping ?restart
>> >
>> >Thank you for any assistance with this.
>> >
>> >From: Peter Kristolaitis [mailto:alter3d at alter3d.ca]
>> >Sent: Tuesday, November 03, 2009 23:51
>> >To: Eric Chatham
>> >Cc: smokeping-users at lists.oetiker.ch
>> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permission Denied)
>> >
>> >The permissions of the config file on the master have *absolutely nothing* to
>> >do with the permissions of the config file on the slave.  This is a file
>> >permission issue on the slave machine -- whatever context smokeping is running
>> >under is unable to read the secrets.conf file *on the slave machine*.
>> >
>> >To help in troubleshooting:  What distribution of Linux (or *BSD, etc) are you
>> >using?  Did you install Smokeping from a package or manually?  How are you
>> >starting the slave -- and if it's manually, can you include your script, if
>> >any?
>> >
>> >
>> >
>> >Eric Chatham wrote:
>> >This still doesn't make sense at all.  This is a conundrum!
>> >
>> >When I set read to the everyone group for secrets.conf file (eg, 444) on the
>> >master and start the daemon on the slave, it works fine.
>> >
>> >BUT, if I go and try to restart the daemon on the master it says "ERROR:
>> >/opt/smokeping/etc/config, line 137: File '/opt/smokeping/etc/secrets.conf' is
>> >world-readable or writable, refusing it."  When I reset the permissions to
>> >read only on the master (eg 440), I am able to re-daemonize smokeping on
>> >master.
>> >
>> >BUT, when I go back to the slave and try to re-daemonize, I get  "WARNING:
>> >Opening secrets file /opt/smokeping/etc/secrets.conf: Permission denied.
>> >ERROR: we did not get config from the master. Maybe we are not configured as a
>> >slave for any of the targets on the master?"
>> >
>> >This does not make sense
>> >
>> >From: Eric Chatham
>> >Sent: Tuesday, November 03, 2009 17:01
>> >To: Eric Chatham; Peter Kristolaitis
>> >Cc: smokeping-users at lists.oetiker.ch
>> >Subject: RE: [smokeping-users] Slave cannot open Secrets file (Permission Denied)
>> >
>> >I changed the master so smokeping runs under smokeping user (uid 1002).  I
>> >still can't daemonize smokeping on the slave.
>> >
>> >1002     17841  0.0  0.3  30248 16468 ?        Ss   15:55   0:00 /usr/bin/perl -w /opt/smokeping/bin/smokeping -restart
>> >1002     17842  0.0  0.3  30248 16392 ?        S    15:55   0:00 /opt/smokeping/bin/smokeping [FPing_III]
>> >1002     17843  0.0  0.3  30248 16308 ?        S    15:55   0:00 /opt/smokeping/bin/smokeping [FPing_II]
>> >1002     17844  0.0  0.3  30248 16308 ?        S    15:55   0:00 /opt/smokeping/bin/smokeping [FPing_IV]
>> >1002     17845  0.0  0.3  30248 16228 ?        S    15:55   0:00 /opt/smokeping/bin/smokeping [FPing_default]
>> >1002     17846  0.0  0.3  30248 16228 ?        S    15:55   0:00 /opt/smokeping/bin/smokeping [FPing_I]
>> >1002     17976  0.0  0.0   1716   540 ?        S    15:56   0:00 /usr/local/sbin/fping -C 20 -q -B1 -r1 -i10 71.182.234.59 204.15.16
>> >nagios   17984  0.0  0.0  17348  1580 ?        S    15:56   0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>> >nagios   17985  0.0  0.0   3908   712 ?        S    15:56   0:00 /usr/local/nagios/libexec/check_ping -H 10.128.54.222 -w 100.00,20%
>> >nagios   17986  0.0  0.0   1836   528 ?        S    15:56   0:00 /bin/ping -n -U -w 10 -c 5 10.128.54.222
>> >nagios   18002  0.0  0.0  17348  1580 ?        S    15:56   0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>> >nagios   18003  0.0  0.0   3904   712 ?        S    15:56   0:00 /usr/local/nagios/libexec/check_ping -H 10.128.95.249 -w 3000.0,80%
>> >nagios   18005  0.0  0.0   1840   544 ?        S    15:56   0:00 /bin/ping -n -U -w 30 -c 5 10.128.95.249
>> >nagios   18009  0.0  0.0  17348  1580 ?        S    15:56   0:00 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>> >nagios   18010  7.3  0.1  10620  6828 ?        S    15:56   0:00 /usr/bin/perl /usr/local/nagios/libexec/check_uptime.pl -H 10.10.3.
>> >1002     18023  0.0  0.0   7920  1680 pts/2    R+   15:56   0:00 ps aux
>> >root     18807  0.0  0.0   5296  1196 ?        Ss   08:29   0:00 crond
>> >root     20761  0.0  0.0   4532  1192 pts/2    S    09:48   0:00 /bin/sh /usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var
>> >mysql    20811  0.0  0.5 145232 23176 pts/2    Sl   09:48   0:19 /usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user=
>> >apache   24728  0.2  0.5  30584 21796 ?        S    13:42   0:17 /usr/bin/speedy_backend -w /opt/smokeping/htdocs/smokeping.cgi
>> >root     26169  0.0  0.1  21092  7392 ?        Ss   13:46   0:00 /usr/sbin/httpd
>> >apache   26171  0.0  0.2  28576 11752 ?        S    13:46   0:03 /usr/sbin/httpd
>> >apache   26172  0.0  0.2  27828 10860 ?        S    13:46   0:01 /usr/sbin/httpd
>> >apache   26173  0.0  0.2  28740 11836 ?        S    13:46   0:02 /usr/sbin/httpd
>> >apache   26174  0.0  0.2  28652 11800 ?        S    13:46   0:01 /usr/sbin/httpd
>> >apache   26175  0.0  0.2  28756 11840 ?        S    13:46   0:01 /usr/sbin/httpd
>> >apache   26176  0.0  0.2  28752 11936 ?        S    13:46   0:03 /usr/sbin/httpd
>> >apache   26177  0.0  0.2  28748 11840 ?        S    13:46   0:02 /usr/sbin/httpd
>> >apache   26178  0.0  0.2  28576 11756 ?        S    13:46   0:01 /usr/sbin/httpd
>> >root     27449  0.0  0.1  27412  6448 ?        Sl   Nov02   0:09 /usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd.pid -a
>> >nagios   27615  0.4  0.0  17344  2252 ?        Ssl  Nov02   7:03 /usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg
>> >apache   30585  0.0  0.2  28588 11768 ?        S    13:56   0:03 /usr/sbin/httpd
>> >apache   30617  0.0  0.4  28508 18248 ?        S    13:56   0:06 /usr/bin/speedy_backend -w /opt/smokeping/htdocs/smokeping.cgi
>> >root     31883  0.0  0.0   7072  1072 ?        Ss   15:13   0:00 /usr/sbin/sshd
>> >root     31936  0.0  0.0  13956  3732 ?        Ss   15:13   0:00 sshd: echatham [priv]
>> >echatham 32005  0.0  0.0  13956  2260 ?        S    15:13   0:00 sshd: echatham@notty
>> >echatham 32006  0.0  0.0   9708  2200 ?        Ss   15:13   0:00 /usr/libexec/openssh/sftp-server
>> >[smokeping@dalimnag02 ~]$ id smokeping
>> >uid=1002(smokeping) gid=1003(smokeping) groups=1003(smokeping)
>> >context=user_u:system_r:unconfined_t
>> >[smokeping@ ~]$
>> >
>> >From: smokeping-users-bounces at lists.oetiker.ch [mailto:smokeping-users-bounces at lists.oetiker.ch] On Behalf Of Eric Chatham
>> >Sent: Tuesday, November 03, 2009 15:29
>> >To: Peter Kristolaitis
>> >Cc: smokeping-users at lists.oetiker.ch
>> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permission Denied)
>> >
>> >Hello,
>> >
>> >How can I tell if it's running under UID or GID?  I never had a problem before
>> >with this running.  I'm running this under root on both master and slave
>> >server.  Secrets.conf is owned by root user and group.
>> >
>> >From: Peter Kristolaitis [mailto:alter3d at alter3d.ca]
>> >Sent: Tuesday, November 03, 2009 15:25
>> >To: Eric Chatham
>> >Cc: smokeping-users at lists.oetiker.ch
>> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permission Denied)
>> >
>> >I suspect it's a file ownership problem.
>> >
>> >Is smokeping running with UID root or GID root (the two conditions which would
>> >allow it to access that file given the ownership and permissions)?   Most
>> >installations of smokeping run under non-privileged UID/GID for security.
>> >
>> >
>> >
>> >
>> >
>> >Eric Chatham wrote:
>> >Hello,
>> >
>> >I had this working at one time with giving the secrets file 640 permissions.
>> >Our hardware failed on our Linux server, so I had to re-install all our
>> >applications from a backup.  One of the apps was smokeping.  I re-installed
>> >the program and just restored the configs from the backup.
>> >
>> >Can someone tell me why I'm now having a problem on the slave server trying to
>> >open the secrets.conf file on the master server?  I keep getting this error:
>> >
>> >WARNING: Opening secrets file /opt/smokeping/etc/secrets.conf: Permission denied
>> >
>> >ERROR: we did not get config from the master. Maybe we are not configured as a
>> >slave for any of the targets on the master ?
>> >
>> >Here is my secrets.conf stat:
>> >
>> >stat secrets.conf
>> >  File: `secrets.conf'
>> >  Size: 56              Blocks: 16         IO Block: 4096   regular file
>> >Device: fd00h/64768d    Inode: 4423683     Links: 1
>> >Access: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (    0/    root)
>> >Access: 2009-11-03 13:21:26.000000000 -0600
>> >Modify: 2009-11-02 15:06:10.000000000 -0600
>> >Change: 2009-11-03 13:36:58.000000000 -0600
>> >
>> >Eric Chatham
>> >MIS Department
>> >Phone: (216) 373-4683
>> >Fax: (216) 373-4669
>> >echatham at broadvox.com
>> >
>> >
>> >
>> >________________________________________
>> >CONFIDENTIAL. This e-mail and any attached files are confidential and should
>> >be destroyed and/or returned if you are not the intended and proper recipient.
>> >_______________________________________________
>> >smokeping-users mailing list
>> >smokeping-users at lists.oetiker.ch
>> >https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>
>--
>Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland
>http://it.oetiker.ch tobi at oetiker.ch ++41 62 775 9902 / sb: -9900

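Added example, not part of the thread and not SmokePing's own code: a small model of the two checks that collide in this thread, the Unix read check for the CGI user and the daemon's refusal of a secrets file with "other" permission bits, as worded in the error quoted above. The apache uid/gid of 48 is a constructed value; 1002/1003 are the smokeping ids shown in the thread.

```shell
#!/bin/sh
# Added example. Inputs are what `stat -c '%a %u %g' secrets.conf`
# and `id <user>` report on the master.

# can_read MODE FILE_UID FILE_GID PROC_UID "PROC_GIDS"
# Unix permission check: root bypasses it; otherwise exactly one class
# (owner, then group, then other) decides.
can_read() {
    mode=$((0$1))
    [ "$4" -eq 0 ] && return 0
    if [ "$4" -eq "$2" ]; then
        [ $((mode & 0400)) -ne 0 ]; return
    fi
    for g in $5; do
        if [ "$g" -eq "$3" ]; then
            [ $((mode & 0040)) -ne 0 ]; return
        fi
    done
    [ $((mode & 0004)) -ne 0 ]
}

# Models the startup error quoted in the thread ("world-readable or
# writable, refusing it"): any read or write bit in the "other" class.
world_accessible() {
    [ $((0$1 & 0006)) -ne 0 ]
}

# audit MODE FILE_UID FILE_GID DAEMON_UID "DAEMON_GIDS" CGI_UID "CGI_GIDS"
audit() {
    if world_accessible "$1"; then echo "daemon-refuses"; return 0; fi
    if ! can_read "$1" "$2" "$3" "$4" "$5"; then echo "daemon-denied"; return 0; fi
    if ! can_read "$1" "$2" "$3" "$6" "$7"; then echo "cgi-denied"; return 0; fi
    echo "ok"
}

# Constructed sample: apache uid/gid 48 is an assumption.
audit 640 0 0 0 0 48 48                   # root-owned 0640, CGI as apache
audit 444 0 0 0 0 48 48                   # the 444 workaround
audit 640 48 0 0 0 48 48                  # after chown to the web server user
audit 400 1002 1003 1002 1003 1002 1003   # one smokeping user runs both
```

The first two calls reproduce the deadlock described in the thread; the last two correspond to the chown and suexec suggestions.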