[smokeping-users] using sudo in an alert
Andrew Pattison
andrum99 at gmail.com
Fri Jul 27 01:42:23 CEST 2012
I cannot su to the smokeping user for some reason. Perhaps this is because
the smokeping user's shell is set to /bin/false.
The script is to switch GPIO pins on my new Raspberry Pi (see
www.raspberrypi.org). The script needs to run as root so that it can access
the GPIO pins.
I tried running a shell script on the same alert using sudo and without
sudo. It only works without sudo. Here is the relevant line from
/etc/sudoers:
smokeping ALL=(ALL) NOPASSWD: ALL
Thanks
Andrew.
On 27 July 2012 00:13, Jim Long <smokeping at museum.rain.com> wrote:
> On Thu, Jul 26, 2012 at 11:56:41PM +0100, Andrew Pattison wrote:
> > I tried that but it still doesn't work. The alert is triggered as it is
> > logged in /var/messages but either smokeping is not calling the script or
> > the call is failing. Any ideas?
> >
> > Andrew.
>
> Once again, please pardon the basics.
>
> Using su, change your effective user ID to the smokeping user,
> whatever user you run smokeping under (the user account under
> which the alerts get invoked). Verify that this is so:
>
> $ touch /tmp/foo
> $ ls -l /tmp/foo
> (should show zero bytes, ownership by smokeping user)
> $ rm /tmp/foo
>
> Then manually invoke the same sudo command line that you're using
> in the alerts. Does it ask you for a password? If so, your
> sudoers file is not set up correctly.
>
> Set your script aside, and try this script 'test.sh' instead:
>
> #!/bin/sh
> rm -rf /tmp/smokeping-sudo.log
> ( date; set; echo '--' ) > /tmp/smokeping-sudo.log
>
> Does that write data into /tmp/smokeping-sudo.log? Examine the
> set output to confirm that the effective user ID is root/UID 0.
> Since that script runs under sudo as root, you should also see
> that /tmp/smokeping-sudo.log is owned by root.
>
> Lastly, consider whether your entire alert script really needs to
> run under sudo or just one specific command (or only a small
> number). Think about whether it is feasible to call the script
> directly, and use sudo only from within the script, on only those
> few commands where it is necessary. Are there any weird
> characters in your sudo command line that should be quoted or
> escaped? Can you share the contents of your alert command and
> the pertinent line of your sudoers file, and some 'ps' output
> that shows the username you use to run smokeping under?
>
> Hope this helps.
>
> Jim
>
>
> > On 25 July 2012 17:23, Ryan Becker <rb14060 at gmail.com> wrote:
> >
> > > Try using the absolute path to the script in the sudoers file. Also,
> the
> > > /etc/sudoers file should NOT be edited directly, you should be using
> the
> > > visudo command as root.
> > >
> > > On Wed, Jul 25, 2012 at 4:41 AM, Andrew Pattison <andrum99 at gmail.com
> >wrote:
> > >
> > >> I've got something similar in in /etc/sudoers already.
> > >>
> > >> Thanks
> > >>
> > >> Andrew.
> > >>
> > >>
> > >> On 24 July 2012 23:15, Ryan Becker <rb14060 at gmail.com> wrote:
> > >>
> > >>> Make sure that the user is allowed to execute the script without a
> > >>> password. Here's an example that you can modify to suit your
> > >>> needs: techbnc ALL = NOPASSWD: /usr/sbin/csf
> > >>> In this example the user techbnc is allowed to call /usr/sbin/csf
> > >>> without needing a password. What's happening is that normally when
> sudo is
> > >>> called, it asks for the password and Smokeping has no way to provide
> that
> > >>> password. By adding the user to the file with NOPASSWD, they are
> allowed
> > >>> to execute the script without being password prompted and therefore
> > >>> Smokeping will be able to complete the action.
> > >>>
> > >>> On Tue, Jul 24, 2012 at 5:35 PM, Andrew Pattison <andrum99 at gmail.com
> >wrote:
> > >>>
> > >>>> I am trying to set up smokeping with an alert script. The alert
> script
> > >>>> is called like this entry in /etc/smokeping/config.d/Alerts:
> > >>>>
> > >>>> to = |sudo script.py
> > >>>>
> > >>>> When called as simply |script.py this works fine, but with sudo the
> > >>>> script does not get called. How can I get this working?
> > >>>>
> > >>>> Thanks
> > >>>>
> > >>>> Andrew.
> > >>>>
> > >>>> _______________________________________________
> > >>>> smokeping-users mailing list
> > >>>> smokeping-users at lists.oetiker.ch
> > >>>> https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
> > >>>>
> > >>>>
> > >>>
> > >>
> > >
>
> > _______________________________________________
> > smokeping-users mailing list
> > smokeping-users at lists.oetiker.ch
> > https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.oetiker.ch/pipermail/smokeping-users/attachments/20120727/8b3923f8/attachment.htm
More information about the smokeping-users
mailing list