Additional group memberships for argusd user

Jeff Weisberg jaw+arguslist at tcp4me.com
Fri Nov 25 13:03:49 EST 2005


On 23 Nov, 2005, at 5:54, Sebastian.Kayser at bifab.de wrote:


> Hi all,
>
> we have some logfiles on our argus host which belong to root
> and to the group logadm (permissions 640). These logfiles
> should be monitored by argus.
>
> In order to permit argus to read these logfiles we added the argusd  
> user
> (argus) to the group logadm and restartet argusd. Still argus
> (specifically our check scripts triggered by argus) was not able to  
> read
> those files (permission denied). When i log in via the argus  
> account and
> start our bash-scripts used for the checking manually everythings  
> works
> fine.
>
> I added some debugging in our check scripts to see what is going on  
> when
> the scripts are triggered by argusd
>
> "id" returns:
> uid=1000(argus) gid=102(argus) Gruppen=0(root)
>
> "groups" returns:
> argus root
>
> On the CLI these commands return
>
> argus at murphy:~$ id
> uid=1000(argus) gid=102(argus) groups=102(argus),113(logadm)
> argus at murphy:~$ groups
> argus logadm
>
> Why does our script run via argusd think argus belongs to the  
> additional
> group root and not to the group logadm?


how are you starting argus?

are you logging in as argus and running argusd?
or are you starting argusd as root and having it change
userid/groupid by passing it '-u' and/or -g'?



> And why then do the permission not
> suffice (as root should be able to read anything)?


the root *user* has permission to read anything.
unix does not give any special permission to group 0.






More information about the Arguslist mailing list