[collectd] exec-plugin permission bug (?)

Sebastian Harl sh at tokkee.org
Sun Sep 2 16:33:21 CEST 2007


Hi,

On Sun, Sep 02, 2007 at 04:18:31PM +0200, Philipp Giebel wrote:
> Sebastian Harl schrieb:
> >>   Exec rrduser:adm "/usr/local/bin/rrdscripts/rrd-postfix.sh"
> > 
> > Is the user "rrduser" a member of the "adm" group?
> Yes, he is. That's the way I expected it to be..
> 
>   ~# groups rrduser
>   rrduser : adm
> 
> Also tried setting rrduser's default-group to "rrduser" and adding him
> to adm via /etc/groups - both with the same result..

Uh, that's strange. Please recompile with my latest patch ("Added the
AC_FUNC_STRERROR_R check.") applied so we can get some meaningful error
messages.

> >> collectd complains:
> >>
> >>   Sep  2 00:23:22 localhost collectd[6940]: exec plugin: exec failed:
> > 
> > exec() usually fails, if the user/group is not allowed to execute the
> > specified script or if it has not been found. Do you depend on changing the
> > group to be able to execute the script? If not, you should double check, if
> > you supplied the correct script name/path.
> 
>   ~# ls -lah /usr/local/bin/rrdscripts/rrd-postfix.sh
>   -rwxr-xr-x 1 rrduser adm 2,1K 2007-08-27 18:27 \
>     /usr/local/bin/rrdscripts/rrd-postfix.sh
> 
> Nope - everybody can execute the script, but it will only "work" for
> users in group adm (logfile-permissions are set that way..)

If everybody is able to execute the script, there seems to be another problem
here. Obviously, exec() will not fail, if the script does not "work" ;-)

> >> In his "patch-post" Sebastian is writing somewhere that, when the
> >> group-parameter is omitted at the config-file, the group will
> >> automatically be changed to the users default-group.
> > 
> > This is only valid if you keep the colon (:). The config line should look
> > like:
> > 
> >   Exec <user>: <script>
> Tried that, now - did'nt work..

Which part failed?

Please try again with the patched version of collectd and provide the error
messages. They are so much more helpful than just guessing what might have
gone wrong ;-)

Cheers,
Sebastian

-- 
Sebastian "tokkee" Harl +++ GnuPG-ID: 0x8501C7FC +++ http://tokkee.org/

Those who would give up Essential Liberty to purchase a little Temporary
Safety, deserve neither Liberty nor Safety.         -- Benjamin Franklin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mailman.verplant.org/pipermail/collectd/attachments/20070902/7dd91b84/attachment.pgp 


More information about the collectd mailing list