hluaces
commented
3 years ago AFAIK you are not escalating privileges with zabbix, just executing it with its user.
Try to login as zabbix: sudo -u zabbix /bin/bash and then executing those commands while sudoing, for example: sudo /usr/sbin/smartctl --scan.
The described permissions for sudoers.d are unfortunately not sufficient for Zabbix to do a discovery, nor to read out SMART attributes for MegaRAID.
Is there any workaround?
Details are below:
[root@io02 ~]# sudo -u zabbix groups zabbix disk
[root@io02 ~]# sudo -u zabbix /usr/sbin/smartctl --scan /dev/sda -d scsi # /dev/sda, SCSI device /dev/sdb -d scsi # /dev/sdb, SCSI device /dev/sdd -d scsi # /dev/sdd, SCSI device (megaraid devices are not found...)
[root@io02 ~]# sudo -u zabbix /usr/sbin/smartctl -a /dev/bus/0 -d megaraid,65 smartctl 7.0 2018-12-30 r4883 [x86_64-linux-3.10.0-1062.4.3.el7.x86_64] (local build) Copyright (C) 2002-18, Bruce Allen, Christian Franke, www.smartmontools.org
Smartctl open device: /dev/bus/0 [megaraid_disk_65] failed: cannot open /dev/megaraid_sas_ioctl_node or /dev/megadev0
[root@io02 ~]# ll /dev/megaraid_sas_ioctl_node cr--r----- 1 root root 243, 0 Jul 28 10:49 /dev/megaraid_sas_ioctl_node
On the other hand, as "root" it is possible to do the discovery scan and readout:
[root@io02 ~]# /usr/sbin/smartctl --scan
/dev/sda -d scsi # /dev/sda, SCSI device /dev/sdb -d scsi # /dev/sdb, SCSI device /dev/sdd -d scsi # /dev/sdd, SCSI device /dev/bus/0 -d megaraid,38 # /dev/bus/0 [megaraid_disk_38], SCSI device /dev/bus/0 -d megaraid,39 # /dev/bus/0 [megaraid_disk_39], SCSI device /dev/bus/0 -d megaraid,40 # /dev/bus/0 [megaraid_disk_40], SCSI device /dev/bus/0 -d megaraid,41 # /dev/bus/0 [megaraid_disk_41], SCSI device ...
[root@io02 ~]# /usr/sbin/smartctl -a /dev/bus/0 -d megaraid,65 | grep defect Grown defects during certification
Elements in grown defect list: 0