Hi,
On 2010-07-07 21:02, Bruce Pennypacker wrote:
> I've been doing some troubleshooting and just found that the ownership
> of ido.sock might be the issue. When I launch ido2db ido.sock is
> created as root:nagios with the permissions srwxr-xr-x. If I change the
> ownership to nagios:nagios before launching icinga then it's able to
> connect.
>
Hmmm the default should be $icingauser:$icingagroup srwxr-xr-x
Apparently, output=... in idomod.cfg will be translated into
idomod_sink_name (idomod.c)
if(ido_sink_open(idomod_sink_name,0,idomod_sink_type,idomod_sink_tcp_port,flags,&idomod_sink_fd)==IDO_ERROR)
which runs into io.c and creating an unix socket
if(!(newfd=socket(PF_UNIX,SOCK_STREAM,0)))
and then connect
if((connect(newfd,(struct sockaddr
*)&server_address_u,SUN_LEN(&server_address_u)))){
the only recent changes we made was SUN_LEN - if not defined through
includes (on Solaris), it is being locally defined.
but this can't affect the user/group creation of the socket.
regarding the socket implementation on unix:
"In the Linux implementation, sockets which are visible in the
filesystem honour the permissions of the directory they are in. Their
owner, group and their permissions can be changed. Creation of a new
socket will fail if the process does not have write and search (execute)
permission on the directory the socket is created in. Connecting to the
socket object requires read/write permission. This behavior differs from
many BSD-derived systems which ignore permissions for Unix sockets.
Portable programs should not rely on this feature for security. "
http://linux.die.net/man/7/unix
Can I see the permissions being set on the parent directory? Maybe you
have a faulty line in your spec file then.
Kind regards,
Michael
------------------------------------------------------------------------------
This SF.net email is sponsored by Sprint
What will you do first with EVO, the first 4G phone?
Visit sprint.com/first -- http://p.sf.net/sfu/sprint-com-first
_______________________________________________
icinga-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/icinga-users
