Additional group memberships for argusd user
Sebastian.Kayser at bifab.de
Sebastian.Kayser at bifab.de
Wed Nov 23 05:54:30 EST 2005
Hi all,
we have some logfiles on our argus host which belong to root
and to the group logadm (permissions 640). These logfiles
should be monitored by argus.
In order to permit argus to read these logfiles we added the argusd user
(argus) to the group logadm and restartet argusd. Still argus
(specifically our check scripts triggered by argus) was not able to read
those files (permission denied). When i log in via the argus account and
start our bash-scripts used for the checking manually everythings works
fine.
I added some debugging in our check scripts to see what is going on when
the scripts are triggered by argusd
"id" returns:
uid=1000(argus) gid=102(argus) Gruppen=0(root)
"groups" returns:
argus root
On the CLI these commands return
argus at murphy:~$ id
uid=1000(argus) gid=102(argus) groups=102(argus),113(logadm)
argus at murphy:~$ groups
argus logadm
Why does our script run via argusd think argus belongs to the additional
group root and not to the group logadm? And why then do the permission not
suffice (as root should be able to read anything)?
Any idea on this? In fact i just want argusd to run as a user who belongs
to multiple groups and thus inherits broader permission in order to run
his checks.
Cheers,
Sebastian
More information about the Arguslist
mailing list