Cacti (home)ForumsDocumentation
Cacti: offical forums and support
It is currently Sun Aug 20, 2017 12:15 pm

All times are UTC - 5 hours




Post new topic Reply to topic  [ 18 posts ]  Go to page Previous  1, 2
Author Message
 Post subject: Re: [Cacti 1.0.4] Structured RRD Path - BUG
PostPosted: Tue Mar 14, 2017 4:09 am 
Offline
Cacti Guru User
User avatar

Joined: Thu Jan 31, 2008 6:39 am
Posts: 2598
Location: Kressbronn, Germany
Nope not yet.

_________________
Greetings,
Phalek
---
Need more help ? Read the Cacti documentation or my new Cacti Book
Need on-site support ? Look here Cacti Workshop
Need professional Cacti support ? Look here CereusService
---
Plugins : CereusTransporter | CereusReporting | nmidWebService | nmidSmokeping | nmidWeb2 |

Code:
CereusServer Master:  SYSTEM STATS: Time:2.5621 Method:spine Processes:1 Threads:16 Hosts:446 HostsPerProcess:446 DataSources:14683 RRDsProcessed:7573
CereusServer Agent:   SYSTEM STATS: Time:27.4840 Method:spine Processes:1 Threads:8 Hosts:16 HostsPerProcess:16 DataSources:114576 RRDsProcessed:48061


Top
 Profile  
 
 Post subject: Re: [Cacti 1.0.4] Structured RRD Path - BUG
PostPosted: Tue Mar 28, 2017 5:58 pm 
Offline

Joined: Sun Feb 26, 2017 10:33 am
Posts: 46
phalek wrote:
With the permissions, you do the following:

- Create a group where apache and the cacti polling user belong to.
- Change the ownership of the rra directory so that the group has read+write access to it
- Follow the Answer from this post to make the group permission "sticky": Getting new files to inherit group permissions on Linux

Now even if apache creates the folder, the cacti polling user should have write access to it.



It just came to my mind setfacl

actually to apply an ACL on the folder to allow the group members to read AND write files created in the folder by other user in the same group then this should be enough:

Code:
setfacl -d -m g::rw /var/www/html/cacti/rra


then there are two options I think

  • cactiuser and apache are members of each other's group (apache groups: apache cactiuser ---- cactiuser groups: cactiuser apache)
  • use group permission "sticky" on the folder (owned by cactiuser.apache) and make cactiuser a member of apache as well

Personally I prefer the first option, as I noticed that by using BOOST the user who creates the RRD files is the "apache" user, while not using BOOST the user creating the files is the one running the poller (commonly for me "cactiuser").

If you have any thought about it, or if I got it all wrong, just let me know.

Thanks,


Top
 Profile  
 
 Post subject: Re: [Cacti 1.0.4] Structured RRD Path - BUG
PostPosted: Sat Apr 29, 2017 3:17 am 
Offline

Joined: Tue May 04, 2010 4:47 am
Posts: 17
Quote:
setfacl -d -m g::rw /var/www/html/cacti/rra

This is nearly the perfect way to do it ;)

I dont use structured RRD but I also failed cleaning up unused RRD files.
Despite this is "fixed" in github, the most easy way for a setup like mine:
- all cacti folders are set to user/group www-data (default apache user on debian)
- user for rra and log are set to cactiuser
- cactiuser is creating the rrd's as cacti:cacti
Code:
setfacl -d -m group:www-data:rw /var/www/html/cacti/rra
setfacl -d -m group:www-data:rw /var/www/html/cacti/log


done ;)

It does not matter whos the owner or group, who has write rights or not... you simply allow the apache-user to rw the files in the appropriate folders while owner and group can be anything.
It will STILL throw you error messages in the cacti log

before:
Quote:
[email protected]:/var/www/html/cacti# getfacl rra/
# file: rra/
# owner: cacti
# group: www-data
user::rwx
group::rwx
other::r-x


Code:
# setfacl -d -m group:www-data:rw /var/www/html/cacti/rra


after:
Quote:
[email protected]:/var/www/html/cacti# getfacl rra/
# file: rra/
# owner: cacti
# group: www-data
user::rwx
group::rwx
other::r-x
default:user::rwx
default:group::rwx
default:group:www-data:rw-
default:mask::rwx
default:other::r-x


happy deleting using cacti gui
Code:
2017-04-29 08:30:02 - SYSTEM RRDMAINT STATS: Time:0.0699 Purged:1 Archived:0
2017-04-29 08:30:02 - CMDPHP PHP ERROR WARNING Backtrace: (/poller_maintenance.php: 112 remove_files)(/poller_maintenance.php: 315 rrdclean_create_path)(/poller_maintenance.php: 399 chgrp)(CactiErrorHandler)(/lib/functions.php: 4296 cacti_debug_backtrace)
2017-04-29 08:30:02 - ERROR PHP WARNING: chgrp(): Operation not permitted in file: /var/www/html/cacti/poller_maintenance.php on line: 399


Not quite sure why chgrp and chown is needed in that php code, I am not a coder.. but its a "rights" issue which should be adressed during installation, so once you setup the extended ACL there should be no need for chgrp and chown.. i think


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 18 posts ]  Go to page Previous  1, 2

All times are UTC - 5 hours


Who is online

Users browsing this forum: Bing [Bot], Majestic-12 [Bot] and 12 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  

Protected by Anti-Spam ACP Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group