1

I just installed nagios and nrpe-version nrpe-4.1.0 on Ubuntu 22.04. Its a host machine which connects to nagios server. When I'm passing a check to run a script /usr/local/nagios/libexec/check_sync.sh. This runs fine under user 'ubuntu' but if I check it via

sudo su nagios -c "/usr/local/nagios/libexec/check_sync.sh"

Getting error as

cat: /home/ubuntu/health.txt: Permission denied

bash: [: =: unary operator expected

Same error to what I get on when nagios server tries to check it. Basically don't think under user 'nagios' its able to read that file. I tried changing the permission on that file, but that doesn't work. This is first time I'm running nrpe on Ubuntu 22.04, not sure if thats linked in anyway. Its the same error when I perform:

sudo su - nagios -c "cat /home/ubuntu/health.txt"

The file is definitely there and permissioned to read by all. The script starts with:

#!/bin/bash -i

Any ideas what can be done about it?

#Updated#

Running on ubuntu LTS 22.04: Cronjob runs a command which places a health.txt file to

/home/ubuntu/health.txt

Below script is under:

/usr/local/nagios/libexec/check_sync.sh

the script runs to see a string value is false or true

#!/bin/bash -i
catchup=$(cat /home/ubuntu/health.txt | awk -F"," '{print $20}' | awk -F"}" '{print $1}'| awk -F":" '{print $2}')
if [ $catchup = "false" ]; then
        echo "Node is synced"
        exit 0
else
        echo "Not Synced"
        exit 2
fi

If I run just the script it works fine and gives the value.

But if I run: sudo su nagios -c "/usr/local/nagios/libexec/check_sync.sh" I get:

bash: cannot set terminal process group (110223): Inappropriate ioctl for device
bash: no job control in this shell

cat: /home/ubuntu/health.txt: Permission denied
bash: [: =: unary operator expected
Not Synced

I tried to change the directory for health.txt from /home/ubutu/ to /tmp/health.txt so that user nagios can read it, so now when I run:

sudo su nagios -c "/usr/local/nagios/libexec/check_sync.sh"
bash: cannot set terminal process group (170765): Inappropriate ioctl for device
bash: no job control in this shell
Node is synced

But, still running on nagastamon is showing as "Not synced" which means its still either not reading the file correctly.

namei -l /home/ubuntu/health.txt

f: /home/ubuntu/health.txt
drwxr-xr-x root   root   /
drwxr-xr-x root   root   home
drwxr-x--- ubuntu ubuntu ubuntu
-rw-rw-r-- ubuntu ubuntu health.txt
tkrsh
  • 11
  • 2

1 Answers1

0

Your directory /home/ubuntu is restricted to the user and the group ubuntu, nobody else can enter this directory, including the user nagios.

Options to allow nagios access to the folder (and therefore the file):

  • allow other users access to the directory

    chmod o+rx /home/ubuntu

  • add nagios to the ubuntu group

    sudo adduser nagios ubuntu

  • use ACL to allow nagios access to the directory

    setfacl -m u:nagios rx /home/ubuntu

The second error is just a subsequent error that occurs because of the first one.

You could prevent it by enclosing your variable in quotes:

if [ "$catchup" = "false" ]; then

You should make a habit of doing this, it saves you from a lot of possible errors.

Gerald Schneider
  • 19,757
  • 8
  • 52
  • 79
  • Thanks! If I install ACL, that doesn't mess any of the other applications that I'm running on the server? Just wondering why the same setting is working on 20.4 LTS on not on this. – tkrsh Sep 01 '22 at 07:19
  • Most probably because the home directory is less restricted there. These are not the default home permissions on Ubuntu. The ACL option is the option with the least impact on the rest of the system, correct. – Gerald Schneider Sep 01 '22 at 07:21
  • Thanks that worked!! – tkrsh Sep 01 '22 at 07:24