[collectd] exec-plugin permission bug (?)

Philipp Giebel newsletter at amb-net.de
Sun Sep 2 16:18:31 CEST 2007 

Sebastian Harl schrieb:
>>   Exec rrduser:adm "/usr/local/bin/rrdscripts/rrd-postfix.sh"
> 
> Is the user "rrduser" a member of the "adm" group?
Yes, he is. That's the way I expected it to be..

  ~# groups rrduser
  rrduser : adm

Also tried setting rrduser's default-group to "rrduser" and adding him
to adm via /etc/groups - both with the same result..

>> collectd complains:
>>
>>   Sep  2 00:23:22 localhost collectd[6940]: exec plugin: exec failed:
> 
> exec() usually fails, if the user/group is not allowed to execute the
> specified script or if it has not been found. Do you depend on changing the
> group to be able to execute the script? If not, you should double check, if
> you supplied the correct script name/path.

  ~# ls -lah /usr/local/bin/rrdscripts/rrd-postfix.sh
  -rwxr-xr-x 1 rrduser adm 2,1K 2007-08-27 18:27 \
    /usr/local/bin/rrdscripts/rrd-postfix.sh

Nope - everybody can execute the script, but it will only "work" for
users in group adm (logfile-permissions are set that way..)

> Anyway, there is still a bug in the usage of the strerror_r() funktion (which
> should provide an error message after "exec failed:"). GNU did some strange
> things when implementing this function - I will provide a patch for that later
> on.
That would be quiet cool.. ;)

>> In his "patch-post" Sebastian is writing somewhere that, when the
>> group-parameter is omitted at the config-file, the group will
>> automatically be changed to the users default-group.
> 
> This is only valid if you keep the colon (:). The config line should look
> like:
> 
>   Exec <user>: <script>
Tried that, now - did'nt work..

> (see collectd.conf(5): "If only the colon follows the user name ...")
*blush* ;)

>> So I tried to remove the ":adm" and changed rrdusers default-group to
>> "4" / "adm" (is this possible anyway..?).
> 
> You can set the default group to anything you want, using the numerical group
> ID in /etc/passwd.
kk - that's what I did.. Just wanted to be shure that that's not the
problem.. :)


cheers,
  Philipp

More information about the collectd mailing list