[smokeping-users] using sudo in an alert

Jim Long smokeping at museum.rain.com
Fri Jul 27 01:13:30 CEST 2012


On Thu, Jul 26, 2012 at 11:56:41PM +0100, Andrew Pattison wrote:
> I tried that but it still doesn't work. The alert is triggered as it is
> logged in /var/messages but either smokeping is not calling the script or
> the call is failing. Any ideas?
> 
> Andrew.
 
Once again, please pardon the basics.

Using su, change your effective user ID to the smokeping user,
whatever user you run smokeping under (the user account under
which the alerts get invoked).  Verify that this is so:

$ touch /tmp/foo
$ ls -l /tmp/foo
(should show zero bytes, ownership by smokeping user)
$ rm /tmp/foo

Then manually invoke the same sudo command line that you're using
in the alerts.  Does it ask you for a password?  If so, your
sudoers file is not set up correctly.

Set your script aside, and try this script 'test.sh' instead:

#!/bin/sh
rm -rf /tmp/smokeping-sudo.log
( date; set; echo '--' ) > /tmp/smokeping-sudo.log

Does that write data into /tmp/smokeping-sudo.log?  Examine the
set output to confirm that the effective user ID is root/UID 0.
Since that script runs under sudo as root, you should also see
that /tmp/smokeping-sudo.log is owned by root.

Lastly, consider whether your entire alert script really needs to
run under sudo or just one specific command (or only a small
number).  Think about whether it is feasible to call the script
directly, and use sudo only from within the script, on only those
few commands where it is necessary.  Are there any weird
characters in your sudo command line that should be quoted or
escaped?  Can you share the contents of your alert command and
the pertinent line of your sudoers file, and some 'ps' output
that shows the username you use to run smokeping under?

Hope this helps.

Jim


> On 25 July 2012 17:23, Ryan Becker <rb14060 at gmail.com> wrote:
> 
> > Try using the absolute path to the script in the sudoers file.  Also, the
> > /etc/sudoers file should NOT be edited directly, you should be using the
> > visudo command as root.
> >
> > On Wed, Jul 25, 2012 at 4:41 AM, Andrew Pattison <andrum99 at gmail.com>wrote:
> >
> >> I've got something similar in in /etc/sudoers already.
> >>
> >> Thanks
> >>
> >> Andrew.
> >>
> >>
> >> On 24 July 2012 23:15, Ryan Becker <rb14060 at gmail.com> wrote:
> >>
> >>> Make sure that the user is allowed to execute the script without a
> >>> password.  Here's an example that you can modify to suit your
> >>> needs: techbnc ALL = NOPASSWD: /usr/sbin/csf
> >>> In this example the user techbnc is allowed to call /usr/sbin/csf
> >>> without needing a password.  What's happening is that normally when sudo is
> >>> called, it asks for the password and Smokeping has no way to provide that
> >>> password.  By adding the user to the file with NOPASSWD, they are allowed
> >>> to execute the script without being password prompted and therefore
> >>> Smokeping will be able to complete the action.
> >>>
> >>> On Tue, Jul 24, 2012 at 5:35 PM, Andrew Pattison <andrum99 at gmail.com>wrote:
> >>>
> >>>> I am trying to set up smokeping with an alert script. The alert script
> >>>> is called like this entry in /etc/smokeping/config.d/Alerts:
> >>>>
> >>>> to = |sudo script.py
> >>>>
> >>>> When called as simply |script.py this works fine, but with sudo the
> >>>> script does not get called. How can I get this working?
> >>>>
> >>>> Thanks
> >>>>
> >>>> Andrew.
> >>>>
> >>>> _______________________________________________
> >>>> smokeping-users mailing list
> >>>> smokeping-users at lists.oetiker.ch
> >>>> https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
> >>>>
> >>>>
> >>>
> >>
> >

> _______________________________________________
> smokeping-users mailing list
> smokeping-users at lists.oetiker.ch
> https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users



More information about the smokeping-users mailing list