Thank you, Tobi. It worked! :) >-----Original Message----- >From: Tobias Oetiker [mailto:[email protected]] >Sent: Monday, November 09, 2009 13:07 >To: Eric Chatham >Cc: [email protected] >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson >Denied) > >Hi Eric, > >Today Eric Chatham wrote: > >> Hello, >> >> Was anyone able to come up with a solution to this? > >the problem is that your webserver is probaly running smokeping.cgi >as user nobody or httpd ... and this user does not have access to >secrets.conf ... you may want to try > >chown httpd /opt/smokeping/etc/secrets.conf > > >even better would be to use suexec on your webserver and have a >separate smokeping user for running both the daemon as well as the >cgi ... > >hth >tobi > >> >> Thank you, Eric. >> >> >-----Original Message----- >> >From: [email protected] [mailto:smokeping-users- >> >[email protected]] On Behalf Of Eric Chatham >> >Sent: Wednesday, November 04, 2009 15:01 >> >To: [email protected] >> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson >> >Denied) >> > >> >Hi Peter, >> > >> >Thank you for replying. That?s the part that doesn?t make sense. This is >the >> >command I run on the slave machine to daemonize smokeping. >> > >> >SLAVE DAEMON: >> > >> >/home/smokeping/alt/smokeping/bin/smokeping --master- >> >url=http://server02.broadvox.net/smokeping/smokeping.cgi --shared- >> >secret=/opt/smokeping/secret.txt --cache-dir=/var/tmp/ >> >WARNING: Opening secrets file /opt/smokeping/etc/secrets.conf: Permission >> >denied >> > >> >ERROR: we did not get config from the master. Maybe we are not configured >as a >> >slave for any of the targets on the master ? >> > >> > >> >There is no secrets.conf file on the slave machine ? only the answer file, >> >called secret.txt, and the error on the slave references the location of >> >secrets.conf on the master server. Our Linux Server crashed a few days >ago. >> >I re-installed CentOS 5.1 on the server. This was the original OS on there >> >too. The only difference in the smokeping installation was in the version >of >> >RRDTool I used (1.3 ? 1.4). That?s it. All the configs were restored from >a >> >backup. >> > >> >On the master, I daemonize smokeping from the /opt directory. That is >where I >> >have installed smokeping; that was where it was installed beforehand as >well. >> >Yes, iptables on the master server allows access from the slave. As I >> >mentioned, I did get it to work by giving secrets.conf on the master, 444 >> >permissions; however, when I changed the permissions of that file back to >440 >> >? for example, that?s when I get the permissions denied error on the slave. >> > >> >MASTER DAEMON: >> >/opt/smokeping/bin/smokeping ?restart >> > >> >Thank you for any assistance with this. ? >> > >> >From: Peter Kristolaitis [mailto:[email protected]] >> >Sent: Tuesday, November 03, 2009 23:51 >> >To: Eric Chatham >> >Cc: [email protected] >> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson >> >Denied) >> > >> >The permissions of the config file on the master have *absolutely nothing* >to >> >do with the permissions of the config file on the slave. This is a file >> >permission issue on the slave machine -- whatever context smokeping is >running >> >under is unable to read the secrets.conf file *on the slave machine*. >> > >> >To help in troubleshooting: What distribution of Linux (or *BSD, etc) are >you >> >using? Did you install Smokeping from a package or manually? How are you >> >starting the slave -- and if it's manually, can you include your script, if >> >any? >> > >> > >> > >> >Eric Chatham wrote: >> >This still doesn?t make sense at all. This is a conundrum! >> > >> >When I set read to the everyone group for secrets.conf file (eg, 444) on >the >> >master and start the daemon on the slave, it works fine. >> > >> >BUT, if I go and try to restart the daemon on the master it says ?ERROR: >> >/opt/smokeping/etc/config, line 137: File '/opt/smokeping/etc/secrets.conf' >is >> >world-readable or writable, refusing it.? When I reset the permissions to >> >read only on the master (eg 440), I am able to re-daemonize smokeping on >> >master. >> > >> >BUT, when I go back to the slave and try to re-daemonize, I get ?WARNING: >> >Opening secrets file /opt/smokeping/etc/secrets.conf: Permission denied. >> >ERROR: we did not get config from the master. Maybe we are not configured >as a >> >slave for any of the targets on the master?? >> > >> >This does not make sense >> > >> >From: Eric Chatham >> >Sent: Tuesday, November 03, 2009 17:01 >> >To: Eric Chatham; Peter Kristolaitis >> >Cc: [email protected] >> >Subject: RE: [smokeping-users] Slave cannot open Secrets file (Permisson >> >Denied) >> > >> >I changed the master so smokeping runs under smokeping user (uid 1002). I >> >still can?t daemonize smokeping on the slave. >> > >> >1002 17841 0.0 0.3 30248 16468 ? Ss 15:55 0:00 >/usr/bin/perl >> >-w /opt/smokeping/bin/smokeping -restart >> >1002 17842 0.0 0.3 30248 16392 ? S 15:55 0:00 >> >/opt/smokeping/bin/smokeping [FPing_III] >> >1002 17843 0.0 0.3 30248 16308 ? S 15:55 0:00 >> >/opt/smokeping/bin/smokeping [FPing_II] >> >1002 17844 0.0 0.3 30248 16308 ? S 15:55 0:00 >> >/opt/smokeping/bin/smokeping [FPing_IV] >> >1002 17845 0.0 0.3 30248 16228 ? S 15:55 0:00 >> >/opt/smokeping/bin/smokeping [FPing_default] >> >1002 17846 0.0 0.3 30248 16228 ? S 15:55 0:00 >> >/opt/smokeping/bin/smokeping [FPing_I] >> >1002 17976 0.0 0.0 1716 540 ? S 15:56 0:00 >> >/usr/local/sbin/fping -C 20 -q -B1 -r1 -i10 71.182.234.59 204.15.16 >> >nagios 17984 0.0 0.0 17348 1580 ? S 15:56 0:00 >> >/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg >> >nagios 17985 0.0 0.0 3908 712 ? S 15:56 0:00 >> >/usr/local/nagios/libexec/check_ping -H 10.128.54.222 -w 100.00,20% >> >nagios 17986 0.0 0.0 1836 528 ? S 15:56 0:00 /bin/ping >-n >> >-U -w 10 -c 5 10.128.54.222 >> >nagios 18002 0.0 0.0 17348 1580 ? S 15:56 0:00 >> >/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg >> >nagios 18003 0.0 0.0 3904 712 ? S 15:56 0:00 >> >/usr/local/nagios/libexec/check_ping -H 10.128.95.249 -w 3000.0,80% >> >nagios 18005 0.0 0.0 1840 544 ? S 15:56 0:00 /bin/ping >-n >> >-U -w 30 -c 5 10.128.95.249 >> >nagios 18009 0.0 0.0 17348 1580 ? S 15:56 0:00 >> >/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg >> >nagios 18010 7.3 0.1 10620 6828 ? S 15:56 0:00 >/usr/bin/perl >> >/usr/local/nagios/libexec/check_uptime.pl -H 10.10.3. >> >1002 18023 0.0 0.0 7920 1680 pts/2 R+ 15:56 0:00 ps aux >> >root 18807 0.0 0.0 5296 1196 ? Ss 08:29 0:00 crond >> >root 20761 0.0 0.0 4532 1192 pts/2 S 09:48 0:00 /bin/sh >> >/usr/bin/mysqld_safe --datadir=/var/lib/mysql --socket=/var >> >mysql 20811 0.0 0.5 145232 23176 pts/2 Sl 09:48 0:19 >> >/usr/libexec/mysqld --basedir=/usr --datadir=/var/lib/mysql --user= >> >apache 24728 0.2 0.5 30584 21796 ? S 13:42 0:17 >> >/usr/bin/speedy_backend -w /opt/smokeping/htdocs/smokeping.cgi >> >root 26169 0.0 0.1 21092 7392 ? Ss 13:46 0:00 >> >/usr/sbin/httpd >> >apache 26171 0.0 0.2 28576 11752 ? S 13:46 0:03 >> >/usr/sbin/httpd >> >apache 26172 0.0 0.2 27828 10860 ? S 13:46 0:01 >> >/usr/sbin/httpd >> >apache 26173 0.0 0.2 28740 11836 ? S 13:46 0:02 >> >/usr/sbin/httpd >> >apache 26174 0.0 0.2 28652 11800 ? S 13:46 0:01 >> >/usr/sbin/httpd >> >apache 26175 0.0 0.2 28756 11840 ? S 13:46 0:01 >> >/usr/sbin/httpd >> >apache 26176 0.0 0.2 28752 11936 ? S 13:46 0:03 >> >/usr/sbin/httpd >> >apache 26177 0.0 0.2 28748 11840 ? S 13:46 0:02 >> >/usr/sbin/httpd >> >apache 26178 0.0 0.2 28576 11756 ? S 13:46 0:01 >> >/usr/sbin/httpd >> >root 27449 0.0 0.1 27412 6448 ? Sl Nov02 0:09 >> >/usr/sbin/snmpd -Lsd -Lf /dev/null -p /var/run/snmpd.pid -a >> >nagios 27615 0.4 0.0 17344 2252 ? Ssl Nov02 7:03 >> >/usr/local/nagios/bin/nagios -d /usr/local/nagios/etc/nagios.cfg >> >apache 30585 0.0 0.2 28588 11768 ? S 13:56 0:03 >> >/usr/sbin/httpd >> >apache 30617 0.0 0.4 28508 18248 ? S 13:56 0:06 >> >/usr/bin/speedy_backend -w /opt/smokeping/htdocs/smokeping.cgi >> >root 31883 0.0 0.0 7072 1072 ? Ss 15:13 0:00 >> >/usr/sbin/sshd >> >root 31936 0.0 0.0 13956 3732 ? Ss 15:13 0:00 sshd: >> >echatham [priv] >> >echatham 32005 0.0 0.0 13956 2260 ? S 15:13 0:00 sshd: >> >echat...@notty >> >echatham 32006 0.0 0.0 9708 2200 ? Ss 15:13 0:00 >> >/usr/libexec/openssh/sftp-server >> >[smokep...@dalimnag02 ~]$ id smokeping >> >uid=1002(smokeping) gid=1003(smokeping) groups=1003(smokeping) >> >context=user_u:system_r:unconfined_t >> >[smokeping@ ~]$ >> > >> >From: [email protected] [mailto:smokeping-users- >> >[email protected]] On Behalf Of Eric Chatham >> >Sent: Tuesday, November 03, 2009 15:29 >> >To: Peter Kristolaitis >> >Cc: [email protected] >> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson >> >Denied) >> > >> >Hello, >> > >> >How can I tell if it?s running under UID or GID? I never had a problem >before >> >with this running. I?m running this under root on both master and slave >> >server. Secrets.conf is owned by root user and group. >> > >> >From: Peter Kristolaitis [mailto:[email protected]] >> >Sent: Tuesday, November 03, 2009 15:25 >> >To: Eric Chatham >> >Cc: [email protected] >> >Subject: Re: [smokeping-users] Slave cannot open Secrets file (Permisson >> >Denied) >> > >> >I suspect it's a file ownership problem. >> > >> >Is smokeping running with UID root or GID root (the two conditions which >would >> >allow it to access that file given the ownership and permissions)? Most >> >installations of smokeping run under non-privileged UID/GID for security. >> > >> > >> > >> > >> > >> >Eric Chatham wrote: >> >Hello, >> > >> >I had this working at one time with giving the secrets file 640 >permissions. >> >Our hardware failed on our Linux server, so I had to re-install all our >> >applications from a backup. One of the apps was smokeping. I re-installed >> >the program and just restored the configs from the backup. >> > >> >Can someone tell me why I?m now having a problem on the slave server trying >to >> >open the secrets.conf file on the master server? I keep getting this >error: >> > >> >WARNING: Opening secrets file /opt/smokeping/etc/secrets.conf: Permission >> >denied >> > >> >ERROR: we did not get config from the master. Maybe we are not configured >as a >> >slave for any of the targets on the master ? >> > >> >Here is my secrets.conf stat: >> > >> >stat secrets.conf >> > File: `secrets.conf' >> > Size: 56 Blocks: 16 IO Block: 4096 regular file >> >Device: fd00h/64768d Inode: 4423683 Links: 1 >> >Access: (0640/-rw-r-----) Uid: ( 0/ root) Gid: ( 0/ root) >> >Access: 2009-11-03 13:21:26.000000000 -0600 >> >Modify: 2009-11-02 15:06:10.000000000 -0600 >> >Change: 2009-11-03 13:36:58.000000000 -0600 >> > >> >Eric Chatham >> >MIS Department >> >Phone: (216) 373-4683 >> >Fax: (216) 373-4669 >> >[email protected] >> > >> > >> > >> >________________________________________ >> >CONFIDENTIAL. This e-mail and any attached files are confidential and >should >> >be destroyed and/or returned if you are not the intended and proper >recipient. >> > >> > >> > >> > >> > >> > >> > >> > >> >________________________________________ >> > >> > >> > >> > >> > >> > >> > >> > >> > >> > >> >_______________________________________________ >> >smokeping-users mailing list >> >[email protected] >> >https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users >> > >> > >> > >> >________________________________________ >> >CONFIDENTIAL. This e-mail and any attached files are confidential and >should >> >be destroyed and/or returned if you are not the intended and proper >recipient. >> > >> >________________________________________ >> >CONFIDENTIAL. This e-mail and any attached files are confidential and >should >> >be destroyed and/or returned if you are not the intended and proper >recipient. >> > >> > >> >CONFIDENTIAL. This e-mail and any attached files are confidential and >should >> >be destroyed and/or returned if you are not the intended and proper >recipient. >> >_______________________________________________ >> >smokeping-users mailing list >> >[email protected] >> >https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users >> >> CONFIDENTIAL. This e-mail and any attached files are confidential and >should be destroyed and/or returned if you are not the intended and proper >recipient. >> _______________________________________________ >> smokeping-users mailing list >> [email protected] >> https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users >> > >-- >Tobi Oetiker, OETIKER+PARTNER AG, Aarweg 15 CH-4600 Olten, Switzerland >http://it.oetiker.ch [email protected] ++41 62 775 9902 / sb: -9900
CONFIDENTIAL. This e-mail and any attached files are confidential and should be destroyed and/or returned if you are not the intended and proper recipient. _______________________________________________ smokeping-users mailing list [email protected] https://lists.oetiker.ch/cgi-bin/listinfo/smokeping-users
