1748128 Members
3992 Online
108758 Solutions
New Discussion юеВ

group not activated

 
SOLVED
Go to solution
Fred Ruffet
Honored Contributor

group not activated

Hi all,

We are running a nagios server and would like to monitor a particular program. To run the check, the nagios user has to be in a particular group. Connected with the nagios user on the server :
# id
uid=500(nagios) gid=500(nagios) groupes=501(appgroup)

Same command in a check, results in :
uid=500(nagios) gid=500(nagios)

appgroup is not activated. We tried to use newgrp, but it doesn't solve the problem.

Question is : why isn't a group set in /etc/group activated ?

Regards,

Fred

--

"Reality is just a point of view." (P. K. D.)
8 REPLIES 8
Ivan Ferreira
Honored Contributor

Re: group not activated

If the remote host is a solaris system, then you have to use the id -a command (or groups command) to display all groups membership.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Fred Ruffet
Honored Contributor

Re: group not activated

I didn't mention as we were in Linux section :)
Both systems are Linux.
--

"Reality is just a point of view." (P. K. D.)
Matti_Kurkela
Honored Contributor

Re: group not activated

Have you restarted Nagios after joining nagios user to the appgroup?

If Nagios was not restarted after the change, the Nagios main process still has the old group membership information, and its child processes will inherit the same old information.

A process can change only its own group membership information, and only when it is either running as root or with SUID root permissions. The "newgrp" command only switches a secondary group to primary and vice versa: if the process does not already have a secondary group in its group membership information, it refuses to do anything.

MK
MK
Fred Ruffet
Honored Contributor

Re: group not activated

Problem is not on the server, but only on the client. Nrpe is launched from inetd on each check. So yes, it has been reloaded.
--

"Reality is just a point of view." (P. K. D.)
Ivan Ferreira
Honored Contributor

Re: group not activated

What if you do service xinetd reload on the client?
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Fred Ruffet
Honored Contributor

Re: group not activated

Nice try, Ivan :)

xinetd.d restarts a nagios session each time it is called. So every call is supposed to have good uid/gid information.

To be sure, we just restarted xinetd, but without any change.

Fred
--

"Reality is just a point of view." (P. K. D.)
Fred Ruffet
Honored Contributor

Re: group not activated

I have found a partial explanation. Problem seems to come from xinetd config. In a xinetd service description, you must specify user and group. And only this group is set. If you don't specify one, it will take the one given in /etc/passwd, but it will never look in /etc/group for additional group...

Question becomes : How to set multiple groups for a xinetd service ?

Regards,

Fred
--

"Reality is just a point of view." (P. K. D.)
Matti_Kurkela
Honored Contributor
Solution

Re: group not activated

In the xinetd service definition for nagios client, add: "groups = yes".

This tells xinetd to allow the nagios user to have all the group privileges entitled to the user, instead of just the one group identified in the xinetd service definition.

MK
MK