monit-general
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Group access permissions


From: Rubén Pérez
Subject: Group access permissions
Date: Mon, 12 Oct 2015 17:15:58 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

Hi,

I've discovered monit a few months ago and I am really delighted with it. However, last week I've found a weird problem which, honestly, I do not know how to solve.

I have some machines running Ubuntu 12.04, so the monit version is not the latest. Monit should make sure that a certain program runs owned by a certain unprivileged user. One of this program's plugins needs to access the serial port, but I am constantly getting permission errors. If I run the program directly with the same user, I do not get any errors. Let me explain how the user and group permissions are:
  • The serial port device is "/dev/ttyS0". Owner: root. Group: dialout. Permissions 660. This is the standard configuration for the serial ports in Ubuntu
  • The user main group is its own (for instance, user "sinho", group "sinho"), but it belongs to the group "dialout" nevertheless.
Please find attached a monit configuration file ("test_python_monit") and a python program ("test.py") that I've used to demonstrate the issue. I'm using "process" and not "program", because the monit version in 12.04 does not yet support a "program" check with arguments. In order to run this in your computer, you should change "test_python_monit" to include the actual path to the  "test.py" file in your system, and your own user name.

All in all, the results I get with this test (which are the same as with the real program) are like this. Using the attached configuration file and running "monit validate":
'python' process is not running
'python' trying to restart
'python' start: /usr/bin/python
User: 1000
Group: 1000
Efective User: 1000
Efective Group: 1000
Serial port owner 0 can read, can write and cannot execute
Serial port group 20 can read, can write and cannot execute
Serial port others cannot read, cannot write and cannot execute
Can we read? No
Can we write? No
Can we execute? No
Running the "test.py" script directly, I get:
User: 1000
Group: 1000
Efective User: 1000
Efective Group: 1000
Serial port owner 0 can read, can write and cannot execute
Serial port group 20 can read, can write and cannot execute
Serial port others cannot read, cannot write and cannot execute
Can we read? Yes
Can we write? Yes
Can we execute? No
So I guess the issue is that, with monit, the additional groups are not taken into account for some reason. But changing the group in the monit configuration is not an option, because the program I am using does some kind of user authorization using the group permissions.

Any idea of how this can be solved?

Thanks for your help
--
Rubén Pérez Vázquez

Universität zu Köln
Regionales Rechenzentrum (RRZK)
Weyertal 121, Raum 4.05
D-50931 Köln
✆: +49-221-470-89603

Attachment: test_python_monit
Description: Text document

Attachment: test.py
Description: Text Data


reply via email to

[Prev in Thread] Current Thread [Next in Thread]