Cacti / cacti

Cacti ™
http://www.cacti.net
GNU General Public License v2.0

[Cacti 1.0.4] Structured RRD Path - BUG #376

Closed thurban closed 7 years ago

thurban commented 7 years ago

If Console -> Cacti Settings -> Data Storage -> Structured RRD Path is selected, the folder named after the ID of the device is created immediately (unlike previous Cacti versions, where it was created by the poller) but with the wrong owner and attributes, and it is impossible for the poller to write into that folder (apache:apache is the owner).

This does not happen if Structured RRD Path is not selected; RRD files are created by the poller correctly.


Workaround:

1) Add the poller user (i.e. cactiuser) to the apache group:

    [root@cactiM cacti]# groups cactiuser
    cactiuser : cactiuser apache

    [root@cactiM cacti]# groups apache
    apache : apache

2) /var/www/html/cacti is owned by cactiuser:apache for all folders and files (recursively). Set sticky bit to rra folder:

    chown -R cactiuser.apache /var/www/html/cacti/rra/
    chmod -R 775 /var/www/html/cacti/rra/
    chmod g+s /var/www/html/cacti/rra/

Reason: chown can only be executed by the superuser (root), so the if statement in lib/rrd.php fails.

This is also noted in the poller_maintenance.php file:

    // NOTE: chown/chgrp fails for non-root users, checking their
    // result is therefore irrelevant

See this post in the forum for screenshots and details: http://forums.cacti.net/viewtopic.php?f=21&t=56998
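A read-only audit for the condition reported above, as an added example that is not part of the original issue or of Cacti's code: it lists directories under the rra path whose group owner, group-write bit or setgid bit would keep a poller in the shared group from writing, and also flags world-writable directories. The function name `audit_rra` and the finding labels are assumptions; the path and group in the usage comment are the ones from the workaround.

```shell
#!/bin/sh
# Added example (not Cacti code). audit_rra and its labels are hypothetical names.
#
# audit_rra DIR GROUP
#   Prints one finding per line and returns 1 if any directory under DIR
#   would block a poller that is a member of GROUP; returns 0 if clean.
#     WRONG_GROUP     group owner is not GROUP
#     NO_GROUP_WRITE  group write bit is missing
#     NO_SETGID       setgid bit is missing, so new per-device directories
#                     will not inherit GROUP from their parent
#     WORLD_WRITABLE  writable by every local user
audit_rra() {
    rra_dir=$1
    group=$2
    findings=$(
        find "$rra_dir" -type d ! -group "$group" | sed 's/^/WRONG_GROUP /'
        find "$rra_dir" -type d ! -perm -020      | sed 's/^/NO_GROUP_WRITE /'
        find "$rra_dir" -type d ! -perm -2000     | sed 's/^/NO_SETGID /'
        find "$rra_dir" -type d -perm -002        | sed 's/^/WORLD_WRITABLE /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Usage with the path and group from the workaround:
#   audit_rra /var/www/html/cacti/rra apache
```

The check only reads metadata, so it can run as the poller user from cron and alert on a non-zero exit status.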

cigamit commented 7 years ago

Yea, it seems we did not think. This needs to be updated.

cigamit commented 7 years ago

It would be nice if someone can create a pull request on this one.

thurban commented 7 years ago

Ok. From the logic, pure PHP changes will probably not fix this, as the files need to be readable and writable by both the web server (i.e. "purge log" from the frontend) and the cacti polling user.

Example: If the web server creates the file/directory, there's no chance to change the ownership of the file/directory to the cacti polling user. By default (in CentOS 7) the file/directory is also created with the apache group being the group owner, so a 777 chmod would be the only chance to allow another user (the cacti polling user) to write to this file/directory.

I guess this needs to be a combination of these 2 options:

1) Change the install process and add a line saying that the cacti polling user needs to be in the same group as the apache user, and change the code to only execute chown if the user is root. chgrp and chmod should work in this case.

2) Move the creation of the directory back to the polling process (if root is the polling user then there's no issue with chown/chgrp).

What do you think?

cigamit commented 7 years ago

Great strategy. Please create a pull request. Thanks!

cigamit commented 7 years ago

Resolved. Paths will only be created by the poller.