NagiosEnterprises / nrpe

NRPE Agent
GNU General Public License v2.0

Wrong user owning the nrpe process under AIX #270

Closed StefThomas closed 11 months ago

StefThomas commented 1 year ago

Hi,

NRPE v4.0.3 on AIX v7.2.0.0.0

Although I have this in the configuration file:

nrpe_user=nagios
nrpe_group=nagios

The NRPE daemon process is still owned by root. The NRPE configuration file is read (all other options are effective). The "nagios" user exists, the group also. This is the log I get with debug=1 when restarting the daemon:

Nov  3 13:18:25 AIXTEST2 local4:notice nrpe[18088258]: Caught SIGTERM - shutting down...
Nov  3 13:18:25 AIXTEST2 local4:err|error nrpe[18088258]: Cannot remove pidfile '/var/run/nrpe.pid' - check your privileges.
Nov  3 13:18:25 AIXTEST2 local4:notice nrpe[18088258]: Daemon shutdown
Nov  3 14:18:28 AIXTEST2 local4:debug nrpe[18088264]: Added command[check_load]=/logiciel/sihm/nagios-plugins/libexec/XXX/check_load -w $ARG1$ -c $ARG2$
[…]
Nov  3 14:18:28 AIXTEST2 local4:debug nrpe[18088264]: Added command[check_fcs_io]=/logiciel/sihm/nagios-plugins/libexec/XXX/check_fcs-io.sh $ARG1$
Nov  3 14:18:28 AIXTEST2 local4:info nrpe[18088264]: INFO: SSL/TLS initialized. All network traffic will be encrypted.
Nov  3 14:18:28 AIXTEST2 local4:notice nrpe[25428448]: Starting up daemon
Nov  3 13:18:28 AIXTEST2 local4:info nrpe[25428448]: SETUP_WAIT_CONN FOR: IPv4 address: 0.0.0.0 ((NULL))
Nov  3 13:18:28 AIXTEST2 local4:info nrpe[25428448]: Server listening on 0.0.0.0 port 5666.
Nov  3 13:18:28 AIXTEST2 local4:notice nrpe[25428448]: Warning: Daemon is configured to accept command arguments from clients!
Nov  3 13:18:28 AIXTEST2 local4:info nrpe[25428448]: Listening for connections on port 5666
Nov  3 13:18:28 AIXTEST2 local4:info nrpe[25428448]: Allowing connections from: 10.44.18.0/24,127.0.0.1,10.44.18.52,10.44.18.54

Note1: Both the configuration file and the init script have been modified to use /var/run/nrpe.pid as the PID file (instead of /var/run/nagios-nrpe/nrpe.pid) because it is the configuration we use to run NRPE v2.15, and I’m migrating from v2.15 to v4.0.3, so it’s easier for me to configure it like this (i.e. I can use the same Puppet manifest whether it is 2.15 or 4.0.3). But I don’t think it is related to the problem I have.

Note2: Despite the warning message about the PID file not being removable, it’s updated correctly with the right PID.

Note3: We use NRPE on Linux hosts also and don’t observe the same issue with this OS.

Do you have any idea? If I’m not mistaken, there is a compile time option about what user should be used to run the daemon, but our AIX administrators just installed the binary provided by IBM. Do you think the problem we have could be resolved by building the binary ourselves? (I don’t even know if it’s something doable under AIX…)

StefThomas commented 1 year ago

Answer to myself. I managed to get the process running as user "nagios" using sudo in the init script:

su - nagios -c "${PROG_BIN} -c ${NRPE_CONFIG} -d ${NRPE_OPT}"

The init script isn’t well suited for AIX (PID file should be in /var/locks rather than /var/run for example) but I guess it’s more an AIX packaging issue than an NRPE issue.

Feel free to close the issue if you want.

sawolf commented 11 months ago

Thanks for the update - I wish I had an AIX box to test on, but it doesn't seem to be in the cards for right now. I'm glad you found a resolution to your problem!
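
Added example, not part of the thread or of the NRPE project: a shell check for the condition reported above, where the daemon keeps running as root although `nrpe_user=nagios` is set. It also flags the combination of a root-owned daemon with client command arguments enabled (the `dont_blame_nrpe=1` setting, assumed here from the "accept command arguments" warning in the log). The sample configuration, binary path and `ps` row are constructed.

```shell
#!/bin/sh
# Added example: confirm a running nrpe daemon dropped to the configured nrpe_user.

# cfg_value KEY : read nrpe.cfg text on stdin, print the last value set for KEY
cfg_value() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }                      # skip comment lines
        index($0, "=") == 0 { next }             # skip lines without key=value
        {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/[ \t]/, "", k)                 # tolerate spaces around the key
            gsub(/^[ \t]+|[ \t]+$/, "", v)       # trim the value
            if (k == key) val = v
        }
        END { print val }'
}

# audit_nrpe CFG_TEXT PS_LINES
#   PS_LINES: "user pid args" rows for nrpe, e.g. taken from: ps -eo user,pid,args
#   Prints one line per finding; returns 1 if any process is not owned by nrpe_user.
audit_nrpe() {
    want=$(printf '%s\n' "$1" | cfg_value nrpe_user)
    allow_args=$(printf '%s\n' "$1" | cfg_value dont_blame_nrpe)
    bad=0
    while read -r user pid rest; do
        [ -n "$user" ] || continue
        if [ "$user" != "$want" ]; then
            bad=1
            echo "FAIL pid=$pid user=$user expected=$want"
            # Root plus client-supplied arguments is the worst case worth calling out.
            if [ "$user" = "root" ] && [ "$allow_args" = "1" ]; then
                echo "HIGH pid=$pid root daemon accepts client command arguments"
            fi
        fi
    done <<EOF
$2
EOF
    return "$bad"
}

# Constructed sample input modelled on the report (config values and path are assumptions).
SAMPLE_CFG='# nrpe.cfg (constructed)
nrpe_user=nagios
nrpe_group=nagios
dont_blame_nrpe=1'
SAMPLE_PS='root 25428448 /usr/sbin/nrpe -c /etc/nagios/nrpe.cfg -d'

audit_nrpe "$SAMPLE_CFG" "$SAMPLE_PS" || echo "nrpe has not dropped privileges"
```

On a live host, pass the contents of the real configuration file and the nrpe rows of the process listing in place of the two sample variables.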