[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: monitoring FIFOs permissions
From: |
Martin Pala |
Subject: |
Re: monitoring FIFOs permissions |
Date: |
Mon, 26 Dec 2005 22:39:12 +0100 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051007 Debian/1.7.12-1 |
Jan-Henrik Haukeland wrote:
On 26. des. 2005, at 00.16, Martin Pala wrote:
Example syntax:
check fifo qmgr-fifo with path /var/spool/postfix/public/qmgr
if failed permission 622 then alert
if failed uid postfix then alert
if failed gid postdrop then alert
If developers will agree, i can add it to the cvs.
Hmm, my initial thought on this is that instead of creating a new
specialized file check-service and "duplicate" code, another option is
to, during parse-time, issue an error when if-checks that is not
supported by the concrete file is used. Since there are many different
files on Unix we may end up with lots of new specialized statements if
we start. We already have three specialized statements for file;
directory, device and file which should suffice IMHO. The
end-functionality should be the same and we keep the name-space in the
control file small.
I though about it this way:
Monit watch the monitored object type (in the case of file it checks
whether it is regular file, etc.) In the case that the type changed,
monit can handle the event. This is important since you need to check
that for example the fifo was not replaced by regular file, the file
with directory, etc. Because also some tests are specific for given
object type (for example checksum make sense only for regular file) =>
you need to know the object type to support just relevant tests. In the
case that we will reuse the 'check file' statement for fifo, we will
need to add some option which will specify the expected object type and
extend the parser so that it will check the syntax of 'check file'
statement based on object type context. I think the standalone 'check
fifo' is more simple in this case (the context is clearly given by
service type and just related options/tests are naturaly supported). And
last but not least ;) ... we already use different check statements for
device, directory and file (FIFO is just another standalone type).
We already covered almost all basic types (stat system call - types):
check file:
S_ISREG(m) is it a regular file?
check directory:
S_ISDIR(m) directory?
check device:
S_ISCHR(m) character device?
S_ISBLK(m) block device?
check fifo (maybe?):
S_ISFIFO(m) FIFO (named pipe)?
not implemented currently (and probably not needed):
S_ISLNK(m) symbolic link? (Not in POSIX.1-1996.)
S_ISSOCK(m) socket? (Not in POSIX.1-1996.)
For these reasons, i think the new 'check fifo' is better then sharing
the 'check file' statement.
What do you think?
Thanks :)
Martin