Closed Carlimeunier closed 7 years ago
Please provide ./configure output, and run spine this way for one pass..
./spine -R -V 5 -f 1 -l 1 -S
Also, run the command by hand. Likely FreeBSD has a minor difference in ping output:
/usr/bin/perl /data/www/cacti/scripts/ping.pl '10.10.102.201'
when i run the script by hand, there is no error :
/usr/bin/perl /data/www/cacti/scripts/ping.pl '10.1.92.201'
0.072
Yea, that looks correct. Odd. That debug output will be important.
When i make ./configure then , i have this output ( it seems to work ) : ./spine -R -V 5 -f 1 -l 1 -S -p 4 -C /usr/local/spine/etc/spine.conf
Device[1] DEBUG: The NIFTY POPEN returned the following File Descriptor 7 Device[1] TH[1] DS[18379] SCRIPT: perl /data/www/cacti/scripts/loadavg_multi.pl, output: 1min:0.18 5min:0.18 10min:0.11 Device[1] DEBUG: The NIFTY POPEN returned the following File Descriptor 7 Device[1] TH[1] DS[18380] SCRIPT: perl /data/www/cacti/scripts/unix_users.pl '', output: 1 Device[1] DEBUG: The NIFTY POPEN returned the following File Descriptor 7 Device[1] TH[1] DS[18382] SCRIPT: /usr/bin/perl /data/www/cacti/scripts/ping.pl '10.1.92.201', output: 0.120
But with the install spine bin : /usr/local/spine/bin/spine -R -V 5 -f 1 -l 1 -S -p 4 -C /usr/local/spine/etc/spine.conf
i have this :
Device[1] DEBUG: The NIFTY POPEN returned the following File Descriptor 7 Insecure dependency in piped open while running setgid at /data/www/cacti/scripts/ping.pl line 21. Device[1] ERROR: Empty result [10.1.92.201]: '/usr/bin/perl /data/www/cacti/scripts/ping.pl '10.1.92.201 Device[1] TH[1] DS[18382] SCRIPT: /usr/bin/perl /data/www/cacti/scripts/ping.pl '10.1.92.201', output: U
the ./configure output :
Here is the output of ./configure :
checking build system type... amd64-unknown-freebsd10.3
checking host system type... amd64-unknown-freebsd10.3
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... config/install-sh -c -d
checking for gawk... no
checking for mawk... no
checking for nawk... nawk
checking whether make sets $(MAKE)... yes
checking whether make supports nested variables... yes
checking for gawk... (cached) nawk
checking for gcc... no
checking for cc... cc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether cc accepts -g... yes
checking for cc option to accept ISO C89... none needed
checking whether cc understands -c and -o together... yes
checking for style of include used by make... GNU
checking dependency style of cc... gcc3
checking how to run the C preprocessor... cc -E
checking whether ln -s works... yes
checking how to print strings... printf
checking for a sed that does not truncate output... /usr/bin/sed
checking for grep that handles long lines and -e... /usr/bin/grep
checking for egrep... /usr/bin/grep -E
checking for fgrep... /usr/bin/grep -F
checking for ld used by cc... /usr/bin/ld
checking if the linker (/usr/bin/ld) is GNU ld... yes
checking for BSD- or MS-compatible name lister (nm)... /usr/bin/nm -B
checking the name lister (/usr/bin/nm -B) interface... BSD nm
checking the maximum length of command line arguments... 196608
checking how to convert amd64-unknown-freebsd10.3 file names to amd64-unknown-freebsd10.3 format... func_convert_file_noop
checking how to convert amd64-unknown-freebsd10.3 file names to toolchain format... func_convert_file_noop
checking for /usr/bin/ld option to reload object files... -r
checking for objdump... objdump
checking how to recognize dependent libraries... pass_all
checking for dlltool... no
checking how to associate runtime and link libraries... printf %s\n
checking for ar... ar
checking for archiver @FILE support... no
checking for strip... strip
checking for ranlib... ranlib
checking command to parse /usr/bin/nm -B output from cc object... ok
checking for sysroot... no
checking for a working dd... /bin/dd
checking how to truncate binary pipes... /bin/dd bs=4096 count=1
checking for mt... mt
checking if mt is a manifest tool... no
checking for ANSI C header files... yes
checking for sys/types.h... yes
checking for sys/stat.h... yes
checking for stdlib.h... yes
checking for string.h... yes
checking for memory.h... yes
checking for strings.h... yes
checking for inttypes.h... yes
checking for stdint.h... yes
checking for unistd.h... yes
checking for dlfcn.h... yes
checking for objdir... .libs
checking if cc supports -fno-rtti -fno-exceptions... yes
checking for cc option to produce PIC... -fPIC -DPIC
checking if cc PIC flag -fPIC -DPIC works... yes
checking if cc static flag -static works... yes
checking if cc supports -c -o file.o... yes
checking if cc supports -c -o file.o... (cached) yes
checking whether the cc linker (/usr/bin/ld) supports shared libraries... yes
checking whether -lc should be explicitly linked in... no
checking dynamic linker characteristics... freebsd10.3 ld.so
checking how to hardcode library paths into programs... immediate
checking whether stripping libraries is possible... yes
checking if libtool supports shared libraries... yes
checking whether to build shared libraries... yes
checking whether to build static libraries... yes
checking whether to enable -Wall... no
checking for help2man... /usr/local/bin/help2man
checking for help2man... /usr/local/bin/help2man
checking for threadsafe gethostbyname()... no
checking for gethostbyname_r in -lnls... no
checking for socket in -lsocket... no
checking for floor in -lm... yes
checking for pthread_exit in -lpthread... yes
checking for deflate in -lz... yes
checking for kstat_close in -lkstat... no
checking for CRYPTO_realloc in -lcrypto... yes
checking for ANSI C header files... (cached) yes
checking sys/socket.h usability... yes
checking sys/socket.h presence... yes
checking for sys/socket.h... yes
checking sys/select.h usability... yes
checking sys/select.h presence... yes
checking for sys/select.h... yes
checking sys/wait.h usability... yes
checking sys/wait.h presence... yes
checking for sys/wait.h... yes
checking sys/time.h usability... yes
checking sys/time.h presence... yes
checking for sys/time.h... yes
checking assert.h usability... yes
checking assert.h presence... yes
checking for assert.h... yes
checking ctype.h usability... yes
checking ctype.h presence... yes
checking for ctype.h... yes
checking errno.h usability... yes
checking errno.h presence... yes
checking for errno.h... yes
checking signal.h usability... yes
checking signal.h presence... yes
checking for signal.h... yes
checking math.h usability... yes
checking math.h presence... yes
checking for math.h... yes
checking malloc.h usability... no
checking malloc.h presence... no
checking for malloc.h... no
checking netdb.h usability... yes
checking netdb.h presence... yes
checking for netdb.h... yes
checking for signal.h... (cached) yes
checking stdarg.h usability... yes
checking stdarg.h presence... yes
checking for stdarg.h... yes
checking stdio.h usability... yes
checking stdio.h presence... yes
checking for stdio.h... yes
checking syslog.h usability... yes
checking syslog.h presence... yes
checking for syslog.h... yes
checking for netinet/in_systm.h... yes
checking for netinet/in.h... yes
checking for netinet/ip.h... yes
checking for netinet/ip_icmp.h... yes
checking for unsigned long long... yes
checking for long long... yes
checking for an ANSI C-conforming const... yes
checking for size_t... yes
checking whether time.h and sys/time.h may both be included... yes
checking whether struct tm is in sys/time.h or time.h... time.h
checking return type of signal handlers... void
checking for malloc... yes
checking for calloc... yes
checking for gettimeofday... yes
checking for strerror... yes
checking for strtoll... yes
checking priv.h usability... no
checking priv.h presence... no
checking for priv.h... no
checking whether we are using Solaris privileges... no
checking sys/capability.h usability... yes
checking sys/capability.h presence... yes
checking for sys/capability.h... yes
checking whether we are using Linux Capabilities... no
checking if Net-SNMP needs crypto support... no
checking for snmp_timeout in -lnetsnmp... no
checking for the spine results buffer size... 1024 bytes
checking for the maximum simultaneous spine scripts... 20
checking for the maximum MySQL buffer size... 65536
checking whether we are using traditional popen... no
checking whether to verify net-snmp library vs header versions... no
checking for glibc gethostbyname_r... yes
checking for Solaris/Irix gethostbyname_r... no
checking for HP-UX gethostbyname_r... no
checking that generated files are newer than configure... done
configure: creating ./config.status
config.status: creating Makefile
config.status: creating config/config.h
config.status: executing depfiles commands
config.status: executing libtool commands`
@Carlimeunier show please you crontab file. I have this problem when i run poller.php proccess from not root you user not have permission for run /bin/ping or /sbin/ping
@pautiina I have this in /etc/crontab : /5 * cacti /usr/local/bin/php /data/www/cacti/poller.php > /dev/null 2> /var/log/poller_error.log
@Carlimeunier you must run from root orchmod +x /bin/ping
I already have this :
# ls -al /sbin/ping
-r-sr-xr-x 1 root wheel 28080 Jan 16 12:11 /sbin/ping
you can do this chmod -s /sbin/ping
BUT I NOT RECOMMEND DO IT, maybe you need add your cacti user to wheel group or change on crontab filie user from cacti to root.
It works when i modify crontab user by root.Thanks
To summarize, this behavior is only on freebsd ?
I dont now, maybe on Linux use sudo. I dont like linux I love FreeBSD:)
Okay, this is a non-issue. You just need to set the ping binary uid at the group level, and make the poller user a member of that group. Running the poller as root is NOT a good idea.
chmod g+s ping
I did what you said : set suid to ping and add cacti user to root group but i stull have the same issue.
# ls -al /sbin/ping
-r-sr-sr-x 1 root wheel 28080 Jan 16 12:11 /sbin/ping
# id cacti
uid=10013(cacti) gid=107(cacti) groups=107(cacti),0(wheel)
Resolved, please test again.
Thanks! it works
Hello, I have these issue with scripts. It runs on remote poller
2017-02-08 14:00:02 - SPINE: Poller[4] Device[1] Description[Main Poller] ERROR: Empty result [10.10.102.201]: '/usr/bin/perl /data/www/cacti/scripts/ping.pl '10.10.102.201''
And here it is the file permission :
rwxrwxrwx 1 www cacti 1034 Feb 2 18:20 ping.pl
ENV :
Thanks