[icinga-users] Custom plugin Countdownto reports WARNING

Odermatt Nicolas nicolas.odermatt at fhnw.ch
Wed Jul 25 16:41:59 CEST 2018


Hi Ian


Good idea! If I am not mistaken, Icinga2 uses an user "nagios" to run the service.


Indeed I do receive the same output!

root at server1100:/tmp# sudo -u nagios /usr/lib/nagios/plugins/countdown_to_date.php --date 2013-02-11 --warning 60 --critical 30
Could not open input file: /usr/lib/nagios/plugins/countdown_to_date.php

This is the only php plugin that I am using, therefore the user nagios might not be able to run php. But it seems that the "others" do have execution permission:
(/etc/alternatives/php points to php7.2)

root at server1100:/tmp# ls -la /usr/bin/ | grep php
lrwxrwxrwx  1 root   root          21 Jun  1 14:07 php -> /etc/alternatives/php
-rwxr-xr-x  1 root   root     4500312 May  2 10:23 php5.6
-rwxr-xr-x  1 root   root     4895768 Jun 22 08:45 php7.2

Running the command using sudo does work:

nic at server1100:/tmp$ sudo  /usr/lib/nagios/plugins/countdown_to_date.php --date 2013-02-11 --warning 60 --critical 30
[sudo] password for nic:
CRITICAL: 1990 days have past since 2013-02-11

I found the culprit thanks to this stackoverflow post [0] "Scripts must have read permission so that their interpreter can read them.".

Therefore the following worked: chmod o=r+x /usr/lib/nagios/plugins/countdown_to_date.php

Though I might to consider only giving the nagios user access to that file and not every other user on the system. Maybe a sudoers edit can help out.

Thanks for your input, helped me to look at it from another angle!

Nic


[0] https://serverfault.com/questions/177284/do-php-files-need-read-permission-to-be-executed-in-cli
[https://cdn.sstatic.net/Sites/serverfault/img/apple-touch-icon@2.png?v=9b1f48ae296b]<https://serverfault.com/questions/177284/do-php-files-need-read-permission-to-be-executed-in-cli>

ubuntu - Do PHP files need read permission to be executed in CLI? - Server Fault<https://serverfault.com/questions/177284/do-php-files-need-read-permission-to-be-executed-in-cli>
serverfault.com
I have a php file test.php #!/bin/php <?php echo "test"; ?> This file owned by root and its permissions are these -rwxr-x--x so 'others' can execute, but cannot read. When logged in...




________________________________
From: icinga-users <icinga-users-bounces at lists.icinga.org> on behalf of Ian Rarity <Ian.Rarity at espc.com>
Sent: Wednesday, July 25, 2018 3:58:14 PM
To: Icinga User's Corner
Subject: Re: [icinga-users] Custom plugin Countdownto reports WARNING

Hi Nic,

>From the “local execution” part in your email, it looks like you’re running the command as root; what happens if you run it as the user that Icinga uses instead?

Ta,
IR.

From: icinga-users <icinga-users-bounces at lists.icinga.org> On Behalf Of Odermatt Nicolas
Sent: 25 July 2018 14:11
To: icinga-users at lists.icinga.org
Subject: [icinga-users] Custom plugin Countdownto reports WARNING


Hi guys



I'm having trouble installing the plugin countdown_to [0] in Icinga2 with Icingaweb2 and Icingadirector.



The thing is that local execution works:

root at server1100:/tmp# /usr/lib/nagios/plugins/countdown_to_date.php --date 2013-02-11 --warning 60 --critical 30
CRITICAL: 1990 days have past since 2013-02-11



And that Permissions are properly (according to the other plugins):

root at server1100:/tmp# ls -la /usr/lib/nagios/plugins/ | grep count
-rwxrwx--x 1 root root 48139 Jul 25 12:44 countdown_to_date.php



But I get the following error message in the GUI:

[cid:image001.png at 01D42427.E85A8D40]



I tried to remove the "-q" option from line 1 from the script, like was suggested on stackoverflow [1] but that didn't work.



Here's the command definition also:
object CheckCommand "Countdown" {
   import "plugin-check-command"
   command = [
       PluginDir + "/countdown_to_date.php",
       "--date",
       "2013-02-11",
       "--warning",
       "60",
       "--critical",
       "30"
   ]
}




Has anyone an idea what I'm missing?



Cheers,

Nic



PS: I know that the date I'm passing doesn't make a lot of sense, but its a POC at the moment ;-)



[0] https://exchange.nagios.org/directory/Plugins/Others/countdown_to_date/details

[1] https://stackoverflow.com/questions/4567688/problems-with-a-php-shell-script-could-not-open-input-file
[https://cdn.sstatic.net/Sites/stackoverflow/img/apple-touch-icon@2.png?v=73d79a89bded]<https://stackoverflow.com/questions/4567688/problems-with-a-php-shell-script-could-not-open-input-file>

bash - Problems with a PHP shell script: "Could not open input file" - Stack Overflow<https://stackoverflow.com/questions/4567688/problems-with-a-php-shell-script-could-not-open-input-file>
stackoverflow.com
Ok, I am trying to create an email logger, that uses a PHP shell script. I have set up CPanel to pipe emails to my script. I am sure this is all configured properly. However I am having problems wi...


countdown_to_date - Nagios Exchange<https://exchange.nagios.org/directory/Plugins/Others/countdown_to_date/details>
exchange.nagios.org
Nagios Exchange - The official site for hundreds of community-contributed Nagios plugins, addons, extensions, enhancements, and more!



[http://assets.espc.com/sig/SHA_Finalist.png] [http://assets.espc.com/sig/SLA.png]
Private and Confidential: This e-mail transmission is strictly confidential and intended solely for the addressee. It may contain privileged and confidential information and if you are not the intended recipient, you must not copy, disclose, distribute or take any action in reliance on it. If you have received this e-mail in error, please delete it and notify our E-mail Systems Administrator on +44 (0) 131 624 8000. ESPC (UK) Ltd does not accept any liability for any harm that may be caused to the recipient's system or data by this message or any attachment.
ESPC (UK) Ltd is a company registered under the Companies Acts in Scotland (Registered Number SC203585), and having its registered office at 90A George Street, Edinburgh, Midlothian EH2 3DF.
ESPC (UK) Ltd is an Appointed Representative of Lyncombe Consultants Ltd which is authorised and regulated by the Financial Conduct Authority.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.icinga.org/pipermail/icinga-users/attachments/20180725/1af26170/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 21199 bytes
Desc: image001.png
URL: <http://lists.icinga.org/pipermail/icinga-users/attachments/20180725/1af26170/attachment-0001.png>


More information about the icinga-users mailing list