Re: Group access permissions

[Rubén Pérez]

Thanks so much for fixing this so quick! I'm glad to help!

Best regards
Rubén

On 15/10/15 00:24, Martin Pala wrote:
> Hi,
>
> thanks for the report and perfect instructions how to replicate the problem :)
>
> There really was a problem when the program was executed as different UID ... 
> the secondary groups of the given UID were not set.
>
> The problem is fixed now (fix will be part of upcoming monit-5.15), you can 
> test it using the following build if you want: 
> https://mmonit.com/tmp/monit-5.15_beta5.tar.gz
>
> Best regards,
> Martin
>
>
> > On 12 Oct 2015, at 17:15, Rubén Pérez <address@hidden> wrote:
> >
> > Hi,
> >
> > I've discovered monit a few months ago and I am really delighted with it. 
> > However, last week I've found a weird problem which, honestly, I do not know 
> > how to solve.
> >
> > I have some machines running Ubuntu 12.04, so the monit version is not the 
> > latest. Monit should make sure that a certain program runs owned by a certain 
> > unprivileged user. One of this program's plugins needs to access the serial 
> > port, but I am constantly getting permission errors. If I run the program 
> > directly with the same user, I do not get any errors. Let me explain how the 
> > user and group permissions are:
> >         • The serial port device is "/dev/ttyS0". Owner: root. Group: dialout. 
> > Permissions 660. This is the standard configuration for the serial ports in Ubuntu
> >         • The user main group is its own (for instance, user "sinho", group "sinho"), but 
> > it belongs to the group "dialout" nevertheless.
> > Please find attached a monit configuration file ("test_python_monit") and a python program ("test.py") that I've used to 
> > demonstrate the issue. I'm using "process" and not "program", because the monit version in 12.04 does not yet support a 
> > "program" check with arguments. In order to run this in your computer, you should change "test_python_monit" to include the 
> > actual path to the  "test.py" file in your system, and your own user name.
> >
> > All in all, the results I get with this test (which are the same as with the real 
> > program) are like this. Using the attached configuration file and running "monit 
> > validate":
> > 'python' process is not running
> > 'python' trying to restart
> > 'python' start: /usr/bin/python
> > User: 1000
> > Group: 1000
> > Efective User: 1000
> > Efective Group: 1000
> > Serial port owner 0 can read, can write and cannot execute
> > Serial port group 20 can read, can write and cannot execute
> > Serial port others cannot read, cannot write and cannot execute
> > Can we read? No
> > Can we write? No
> > Can we execute? No
> > Running the "test.py" script directly, I get:
> > User: 1000
> > Group: 1000
> > Efective User: 1000
> > Efective Group: 1000
> > Serial port owner 0 can read, can write and cannot execute
> > Serial port group 20 can read, can write and cannot execute
> > Serial port others cannot read, cannot write and cannot execute
> > Can we read? Yes
> > Can we write? Yes
> > Can we execute? No
> > So I guess the issue is that, with monit, the additional groups are not taken 
> > into account for some reason. But changing the group in the monit configuration 
> > is not an option, because the program I am using does some kind of user 
> > authorization using the group permissions.
> >
> > Any idea of how this can be solved?
> >
> > Thanks for your help
> > --
> > Rubén Pérez Vázquez
> >
> > Universität zu Köln
> > Regionales Rechenzentrum (RRZK)
> > Weyertal 121, Raum 4.05
> > D-50931 Köln
> > ✆: +49-221-470-89603
> > <test_python_monit.txt><test.py>--
> > To unsubscribe:
> > https://lists.nongnu.org/mailman/listinfo/monit-general
>
> --
> To unsubscribe:
> https://lists.nongnu.org/mailman/listinfo/monit-general