Trouble with Nagios

Denverb · May 21, 2009, 9:11pm

I am having what appears to be permission issues with Nagios on Centos. After I create a virtual server in Virtualmin, I get 402 errors when accessing any side bar options (anything from the cgi-bin).
I have checked and triple checked all my script aliases, permissions, libraries, etc. Also tried different versions of Nagios, including the current beta.
I also tried setting up a domain nagios.mydomain.com and pointing the web root to the nagios install, thinking it may be a host header setting.
I got the exact same behavior.

I am out of ideas of what could be causing this.

Joe · May 21, 2009, 9:13pm

Check the error_log.

Denverb · May 22, 2009, 4:25pm

[Tue May 19 23:18:52 2009] [alert] getpwuid: couldn’t determine user name from uid 4294967295, you probably need to modify the User directive

This is a recurring error in the httpd/error_log

And that is basically the behavior I get, like the user is begin denied access.

Eric · May 22, 2009, 11:01pm

What does the Apache VirtualHost section look like for your Nagios install?

And, do you have any .htaccess files in the DocumentRoot for Nagios?

Also, do other Virtual Servers work okay?
-Eric

Denverb · May 25, 2009, 9:48pm

Here is my Virtual Host section

[code:1]<VirtualHost *>
DocumentRoot /usr/local/nagios/share
<Directory "/usr/local/nagios/share">
allow from all
Options FollowSymLinks Includes IncludesNOEXEC +Indexes
</Directory>
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
</Directory>
SuexecUserGroup nagios nagios
Alias /nagios/ "/usr/local/nagios/share/"
ScriptAlias /cgi-bin/ "/usr/local/nagios/sbin/"
Options ExecCGI FollowSymLinks Includes IncludesNOEXEC Indexes MultiViews SymLinksIfOwnerMatch
</VirtualHost>[/code:1]

I do not have an .htaccess in my document root.

Other virtual server do work correctly.

Eric · May 25, 2009, 11:23pm

Hmm, okay, a few thoughts.

First, while I don’t think this is the problem, it may cause issues down the road… using <VirtualHost *> can cause trouble… rather than that, you might want to use:

Listing your actual IP address and the port number, rather than just a * in there.

Regarding your issue – poking in the docs, they mention that when not accessed in CGI mode, that the SuexecUserGroup isn’t used, and that it falls back to the User directive.

So in your main httpd.conf or apache2.conf file, what is the User directive set to? And does that particular user exist on your system?
-Eric

Denverb · May 26, 2009, 8:04am

The User is set to apache.
This user does exist and is part of the nagios command group/

Eric · May 26, 2009, 12:36pm

Hmm, well, it seems like something is up with the user Apache is trying to use for that Virtual Server. I’d try 3 things:

Comment out the SuexecUserGroup line, restart Apache, and try it again
Verify that there isn’t another User directive in your Apache config somewhere that’s confusing things
Make sure that the "apache" user is working as expected – on the command line, type "id apache" and make sure it returns some sane information

Denverb · May 28, 2009, 9:29pm

Still no change in the behavior.
There are no other User directives.
id apache returns all correct information.

Joe · May 29, 2009, 1:12am

suexec can’t work in /usr/local. You’ll have to either move nagios to some place in the suexec_docroot, or run it as the Apache user. You cannot use suexec outside of the suexec_docroot.