What he said, plus...

The ntop install creates the .../rrd directory, but can't do the chown
because we don't know what userid you are going to run ntop under.  This is
explained after make install (for a new install) in large letters:

************************************************************
************************************************************

  WARNING: This install created a directory for the ntop
           files and databases:

             <directory>

           This directory MUST be owned by the user
           which you are going to use to run ntop.

           The command you must issue is something like:

           chown -R ntop.ntop <directory>/ntop
     or    chown -R ntop:users <directory>/ntop

           man chown to check the syntax for YOUR system

************************************************************
************************************************************

The rrd plugin also has a security setting, which sets these for files and
directories created by the plugin.

Peter's chmod will lock access to the directories down, although there are
other choices, in part depending upon whether you're on a system with
user-group mapping like RedHat or not and so may not be applicable to all
*nix systems.

770 means that anyone with access to the ntop userid's default group (which
is frequently 'nobody' and shared among all service ids) can write to rrd
files.  0750 might be better.

I use 0711 for the directories (all access to the creator/owner and execute
permission - which really means scan directory and is required for cd and ls
and such) for group and everyone.  Then I use 0755 (allows READ) for the rrd
files.

Here's what I'm personally recommending:

1. $ su - (i.e. run as root)

2. # cd .../ntop
   # make install

3. Set permissions (The mkdir steps may not be required)

   # mkdir --parents --mode=0711 <ntopdbfilepath>
   # chown -R ntop: <ntopdbfilepath>
   # chmod 0711 <ntopdbfilepath>
   # mkdir --parents --mode=0755 <directory>/rrd
   # chmod 0755 <directory>/rrd
   # chown -R ntop: <directory>/rrd

4. Run ntop to set the admin password

   # /usr/bin/ntop --set-admin-password --db-file-path <directory>

5. Fixup the created files for more security.

   # chmod 0600 <directory>/ntop_pw.db
   # chmod 0600 <directory>/prefsCache.db
   # chown -R ntop: <directory>/*.db

6. Run ntop and set the security permissions in the rrd plugin before EVER
starting rrd.



The new /etc/init.d/ntop script (RedHat only, sorry) will automatically do
this, on the /etc/init.d/ntop init invoke.


-----Burton
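
A check of the result of steps 3 to 5 above, as an added example that is not part of the original message or of the ntop distribution. It flags a database or rrd directory that group or other can write to, ntop_pw.db or prefsCache.db with any group or other access, and wrong ownership. It assumes GNU stat and find, and audit_ntop_dir and its arguments are names made up for this example.

```shell
#!/bin/sh
# Added example, not ntop code. Assumes GNU stat and find.
# Usage: audit_ntop_dir <db-file-path> <run-user>
# Prints one finding per line; exit status is the number of findings.
audit_ntop_dir() (
    dir=$1; owner=$2; n=0

    flag() { printf '%s: %s\n' "$1" "$2"; n=$((n + 1)); }

    # check <path> <forbidden-bits-octal> <message>: owner and mode test.
    check() {
        [ -e "$1" ] || return 0
        mode=$(stat -c '%a' "$1"); user=$(stat -c '%U' "$1")
        [ "$user" = "$owner" ] || flag "$1" "owned by $user, expected $owner"
        [ $(( 0$mode & $2 )) -eq 0 ] || flag "$1" "mode $mode $3"
    }

    [ -d "$dir" ] || { flag "$dir" "not a directory"; exit "$n"; }

    # Directories: only the owner may write (0770 fails; 0750, 0711, 0755 pass).
    check "$dir"     022 "is group/other writable"
    check "$dir/rrd" 022 "is group/other writable"

    # Password and preferences databases: owner only, i.e. 0600.
    check "$dir/ntop_pw.db"    077 "grants group/other access, want 0600"
    check "$dir/prefsCache.db" 077 "grants group/other access, want 0600"

    # Anything below rrd/ that group or other can write to.
    if [ -d "$dir/rrd" ]; then
        loose=$(find "$dir/rrd" -mindepth 1 ! -type l -perm /022)
        if [ -n "$loose" ]; then
            printf '%s\n' "$loose" | sed 's|$|: is group/other writable|'
            n=$((n + $(printf '%s\n' "$loose" | wc -l)))
        fi
    fi
    exit "$n"
)
```

Run it as root after step 5, for example `audit_ntop_dir /var/lib/ntop ntop`; a zero exit status means nothing was flagged.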


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Schoplocher Peter (Student at Congleton)
Sent: Friday, September 12, 2003 3:49 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [Ntop] rrdPlugin Setup


The -P specifies your database path (e.g. -P /var/lib/ntop). ntop's rrdPlugin
will attempt to create a directory for the RRD (/var/lib/ntop/rrd). Therefore
the ntop-user (e.g. -u ntopuser) must have permission to write in the
database path, otherwise you get the mentioned error. (chmod -R 0770
/var/lib/ntop && chown -R ntopuser:root /var/lib/ntop)

-----Original Message-----
From: Gary Borgeson [mailto:[EMAIL PROTECTED]
Sent: 11 September 2003 18:27
To: [EMAIL PROTECTED]
Subject: [Ntop] rrdPlugin Setup


I'm getting this: "Disabled - unable to create rrd base directory"

Do we have to set up the directory/database/config outside of NTOP
Admin?

If so, is there a doc specific to NTOP?

Thanks, G
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listgateway.unipi.it/mailman/listinfo/ntop