I am having what appears to be permission issues with Nagios on Centos. After I create a virtual server in Virtualmin, I get 402 errors when accessing any side bar options (anything from the cgi-bin).
I have checked and triple checked all my script aliases, permissions, libraries, etc. Also tried different versions of Nagios, including the current beta.
I also tried setting up a domain nagios.mydomain.com and pointing the web root to the nagios install, thinking it may be a host header setting.
I got the exact same behavior.
I am out of ideas of what could be causing this.
[Tue May 19 23:18:52 2009] [alert] getpwuid: couldn’t determine user name from uid 4294967295, you probably need to modify the User directive
This is a recurring error in the httpd/error_log
And that is basically the behavior I get, like the user is begin denied access.
What does the Apache VirtualHost section look like for your Nagios install?
And, do you have any .htaccess files in the DocumentRoot for Nagios?
Also, do other Virtual Servers work okay?
Here is my Virtual Host section
allow from all
Options FollowSymLinks Includes IncludesNOEXEC +Indexes
SuexecUserGroup nagios nagios
Alias /nagios/ "/usr/local/nagios/share/"
ScriptAlias /cgi-bin/ "/usr/local/nagios/sbin/"
Options ExecCGI FollowSymLinks Includes IncludesNOEXEC Indexes MultiViews SymLinksIfOwnerMatch
I do not have an .htaccess in my document root.
Other virtual server do work correctly.
Hmm, okay, a few thoughts.
First, while I don’t think this is the problem, it may cause issues down the road… using <VirtualHost *> can cause trouble… rather than that, you might want to use:
Listing your actual IP address and the port number, rather than just a * in there.
Regarding your issue – poking in the docs, they mention that when not accessed in CGI mode, that the SuexecUserGroup isn’t used, and that it falls back to the User directive.
So in your main httpd.conf or apache2.conf file, what is the User directive set to? And does that particular user exist on your system?
The User is set to apache.
This user does exist and is part of the nagios command group/
Hmm, well, it seems like something is up with the user Apache is trying to use for that Virtual Server. I’d try 3 things:
Comment out the SuexecUserGroup line, restart Apache, and try it again
Verify that there isn’t another User directive in your Apache config somewhere that’s confusing things
Make sure that the "apache" user is working as expected – on the command line, type "id apache" and make sure it returns some sane information
Still no change in the behavior.
There are no other User directives.
id apache returns all correct information.
suexec can’t work in /usr/local. You’ll have to either move nagios to some place in the suexec_docroot, or run it as the Apache user. You cannot use suexec outside of the suexec_docroot.