Category: System Operations
2012-01-31 11:53:35
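Modifying a service through the web interface fails with an error. For example, the web pages offer settings for temporarily scheduling when a service is checked, or for stopping it from sending alerts, but submitting them often produces the following error message: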
Could not open command file '/usr/local/nagios/var/rw/nagios.cmd' for update!
The permissions on the external command file and/or directory may be incorrect. Read the FAQs on how to setup proper permissions.
An error occurred while attempting to commit your command for processing.
# EXTERNAL COMMAND FILE
# This is the file that Nagios checks for external command requests.
# It is also where the command CGI will write commands that are submitted
# by users, so it must be writeable by the user that the web server
# is running as (usually 'nobody'). Permissions should be set at the
# directory level instead of on the file, as the file is deleted every
# time its contents are processed.
command_file=/usr/local/nagios/var/rw/nagios.cmd
The key point of this passage is that the user Apache runs as must have write permission on the file. The permission should be set on the directory, because the file is deleted every time its contents are processed.
First, look at your Apache processes and see which user they run as; usually it is nobody.
# ps -ef | grep http
root 27252 1 0 Feb26 ? 00:00:01 /usr/local/apache/bin/httpd -k start
nobody 12587 27252 0 15:23 ? 00:00:00 /usr/local/apache/bin/httpd -k start
nobody 12588 27252 0 15:23 ? 00:00:00 /usr/local/apache/bin/httpd -k start
nobody 12589 27252 1 15:23 ? 00:00:01 /usr/local/apache/bin/httpd -k start
nobody 12590 27252 1 15:23 ? 00:00:01 /usr/local/apache/bin/httpd -k start
nobody 12591 27252 0 15:23 ? 00:00:00 /usr/local/apache/bin/httpd -k start
nobody 12618 27252 0 15:23 ? 00:00:00 /usr/local/apache/bin/httpd -k start
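Note that this refers to the ordinary user, not the initial process that runs as root.
What next? If the user running your nagios process is nagios, and its group is also nagios, then:
usermod -a -G nagios nobody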
chmod g+s /path/to/nagiosdir/var/rw
Note that the settings in cgi.cfg are not covered here.
Then restart Apache, and it will work.
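To confirm that the steps above took effect, the following added example (not part of the original post) checks that an account belongs to the group owning the command directory and that the directory is group-writable and setgid; it also flags a world-writable directory. The function name check_cmd_dir is hypothetical, and the path in the usage comment is the one from the error message above.

```shell
#!/bin/sh
# Added example: audit the Nagios external command directory.
# Usage (as root): check_cmd_dir /usr/local/nagios/var/rw nobody
# USER is optional and defaults to the account running the script.
check_cmd_dir() {   # hypothetical helper name
    dir=$1
    user=${2:-}
    rc=0
    [ -d "$dir" ] || { echo "FAIL: $dir is not a directory"; return 2; }

    # ls -ldn prints the mode string (field 1) and numeric group id (field 4).
    set -- $(ls -ldn -- "$dir")
    mode=$1
    dir_gid=$4

    # Numeric group ids of the account being checked.
    if [ -n "$user" ]; then
        gids=$(id -G "$user") || return 2
    else
        gids=$(id -G)
    fi
    case " $gids " in
        *" $dir_gid "*) ;;
        *) echo "FAIL: ${user:-current user} is not in gid $dir_gid"; rc=1 ;;
    esac

    # Mode string layout is d rwx rwx rwx: character 6 is group write,
    # character 7 is s or S when setgid is set, character 9 is other write.
    gw=$(printf '%s' "$mode" | cut -c6)
    gx=$(printf '%s' "$mode" | cut -c7)
    ow=$(printf '%s' "$mode" | cut -c9)
    [ "$gw" = "w" ] || { echo "FAIL: $dir is not group-writable"; rc=1; }
    case "$gx" in
        s|S) ;;
        *) echo "FAIL: setgid bit missing on $dir (chmod g+s)"; rc=1 ;;
    esac
    # World-writable would let any local account submit commands.
    [ "$ow" = "w" ] && { echo "FAIL: $dir is world-writable"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $dir ($mode, gid $dir_gid)"
    return "$rc"
}
```

The group lookup reads the account database, so it reflects the usermod change immediately; the running httpd workers only pick up the new group after the restart.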
The user Apache starts as is defined in httpd.conf:
User ***
Group ***
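The defaults are nobody and nogroup. This user and group own no files on the system, which ensures that the server itself and the CGI processes it starts have no permission to modify the file system. In some cases, for example when a CGI has to interact with Unix, the server does need to access files on the host. If nobody and nogroup are still used, files owned by nobody will appear on the system, which is bad for system security: other programs also perform operations with the privileges of nobody and nogroup, so they may be able to access those nobody-owned files, causing security problems. In general, set up a dedicated user and group for the web service, and change the User and Group settings here to match.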