[smokeping-users] using sudo in an alert

Ryan Becker rb14060 at gmail.com
Fri Jul 27 02:16:12 CEST 2012


ALL=(ALL) is not correct. Look back at the example I gave you. It should be
ALL = NOPASSWD: ALL.
On Jul 26, 2012 7:42 PM, "Andrew Pattison" <andrum99 at gmail.com> wrote:

> I cannot su to the smokeping user for some reason. Perhaps this is because
> the smokeping user's shell is set to /bin/false.
>
> The script is to switch GPIO pins on my new Raspberry Pi (see
> www.raspberrypi.org). The script needs to run as root so that it can
> access the GPIO pins.
>
> I tried running a shell script on the same alert using sudo and without
> sudo. It only works without sudo. Here is the relevant line from
> /etc/sudoers:
>
> smokeping ALL=(ALL) NOPASSWD: ALL
>
> Thanks
>
> Andrew.
>
> On 27 July 2012 00:13, Jim Long <smokeping at museum.rain.com> wrote:
>
>> On Thu, Jul 26, 2012 at 11:56:41PM +0100, Andrew Pattison wrote:
>> > I tried that but it still doesn't work. The alert is triggered as it is
>> > logged in /var/messages but either smokeping is not calling the script
>> or
>> > the call is failing. Any ideas?
>> >
>> > Andrew.
>>
>> Once again, please pardon the basics.
>>
>> Using su, change your effective user ID to the smokeping user,
>> whatever user you run smokeping under (the user account under
>> which the alerts get invoked).  Verify that this is so:
>>
>> $ touch /tmp/foo
>> $ ls -l /tmp/foo
>> (should show zero bytes, ownership by smokeping user)
>> $ rm /tmp/foo
>>
>> Then manually invoke the same sudo command line that you're using
>> in the alerts.  Does it ask you for a password?  If so, your
>> sudoers file is not set up correctly.
>>
>> Set your script aside, and try this script 'test.sh' instead:
>>
>> #!/bin/sh
>> rm -rf /tmp/smokeping-sudo.log
>> ( date; set; echo '--' ) > /tmp/smokeping-sudo.log
>>
>> Does that write data into /tmp/smokeping-sudo.log?  Examine the
>> set output to confirm that the effective user ID is root/UID 0.
>> Since that script runs under sudo as root, you should also see
>> that /tmp/smokeping-sudo.log is owned by root.
>>
>> Lastly, consider whether your entire alert script really needs to
>> run under sudo or just one specific command (or only a small
>> number).  Think about whether it is feasible to call the script
>> directly, and use sudo only from within the script, on only those
>> few commands where it is necessary.  Are there any weird
>> characters in your sudo command line that should be quoted or
>> escaped?  Can you share the contents of your alert command and
>> the pertinent line of your sudoers file, and some 'ps' output
>> that shows the username you use to run smokeping under?
>>
>> Hope this helps.
>>
>> Jim
>>
>>
>> > On 25 July 2012 17:23, Ryan Becker <rb14060 at gmail.com> wrote:
>> >
>> > > Try using the absolute path to the script in the sudoers file.  Also,
>> the
>> > > /etc/sudoers file should NOT be edited directly, you should be using
>> the
>> > > visudo command as root.
>> > >
>> > > On Wed, Jul 25, 2012 at 4:41 AM, Andrew Pattison <andrum99 at gmail.com
>> >wrote:
>> > >
>> > >> I've got something similar in in /etc/sudoers already.
>> > >>
>> > >> Thanks
>> > >>
>> > >> Andrew.
>> > >>
>> > >>
>> > >> On 24 July 2012 23:15, Ryan Becker <rb14060 at gmail.com> wrote:
>> > >>
>> > >>> Make sure that the user is allowed to execute the script without a
>> > >>> password.  Here's an example that you can modify to suit your
>> > >>> needs: techbnc ALL = NOPASSWD: /usr/sbin/csf
>> > >>> In this example the user techbnc is allowed to call /usr/sbin/csf
>> > >>> without needing a password.  What's happening is that normally when
>> sudo is
>> > >>> called, it asks for the password and Smokeping has no way to
>> provide that
>> > >>> password.  By adding the user to the file with NOPASSWD, they are
>> allowed
>> > >>> to execute the script without being password prompted and therefore
>> > >>> Smokeping will be able to complete the action.
>> > >>>
>> > >>> On Tue, Jul 24, 2012 at 5:35 PM, Andrew Pattison <
>> andrum99 at gmail.com>wrote:
>> > >>>
>> > >>>> I am trying to set up smokeping with an alert script. The alert
>> script
>> > >>>> is called like this entry in /etc/smokeping/config.d/Alerts:
>> > >>>>
>> > >>>> to = |sudo script.py
>> > >>>>
>> > >>>> When called as simply |script.py this works fine, but with sudo the
>> > >>>> script does not get called. How can I get this working?
>> > >>>>
>> > >>>> Thanks
>> > >>>>
>> > >>>> Andrew.
>> > >>>>
>> > >>>> _______________________________________________
>> > >>>> smokeping-users mailing list
>> > >>>> smokeping-users at lists.oetiker.ch
>> > >>>> https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>> > >>>>
>> > >>>>
>> > >>>
>> > >>
>> > >
>>
>> > _______________________________________________
>> > smokeping-users mailing list
>> > smokeping-users at lists.oetiker.ch
>> > https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>>
>>
>
> _______________________________________________
> smokeping-users mailing list
> smokeping-users at lists.oetiker.ch
> https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.oetiker.ch/pipermail/smokeping-users/attachments/20120726/c099a42a/attachment-0001.htm 


More information about the smokeping-users mailing list