Mar 282015
 

This is an old post I wrote, but never published, back in 2010.

I’ve started using Munin for some statistical monitoring. Using the hddtemp_smartctl plugin, I was getting some permission errors.

After printing the output of the command, I noticed these in the logs:

2010/03/11-18:30:05 [60845]     [ERROR] Command /usr/local/sbin/smartctl -A /dev/ad8 on drive ad8 failed: 256.  The plugin needs to have read permission on all monitored devices. smartctl 5.39 2009-12-09 r2995 [FreeBSD 8.0-STABLE amd64] (local build)
2010/03/11-18:30:05 [60845]     Copyright (C) 2002-9 by Bruce Allen, http://smartmontools.sourceforge.net
2010/03/11-18:30:05 [60845]     /dev/ata control device can't be opened: Permission denied
2010/03/11-18:30:05 [60845]     Unable to get ATA device list
2010/03/11-18:30:05 [60845]     /dev/xpt0 control device couldn't opened: Permission denied
2010/03/11-18:30:05 [60845]     Unable to get CAM device list
2010/03/11-18:30:05 [60845]     /dev/ad8: Unable to detect device type
2010/03/11-18:30:05 [60845]     Smartctl: please specify device type with the -d option.
2010/03/11-18:30:05 [60845]     Use smartctl -h to get a usage summary

Oh, so what UID/GID is being used here?

I added this to the script:

print "UID= '$<' effective UID='$>' GID='$(' effective GID='$)'\n";

Which added this to the log:

UID= '65534' effective UID='65534' GID='842 842 5' effective GID='842 842 5'

OK, it’s running as nobody. Not quite sufficient. Testing the command to confirm this:

# su -m nobody -c '/usr/local/sbin/smartctl -A /dev/ad8 '
smartctl 5.39 2009-12-09 r2995 [FreeBSD 8.0-STABLE amd64] (local build)
Copyright (C) 2002-9 by Bruce Allen, http://smartmontools.sourceforge.net

/dev/ata control device can't be opened: Permission denied
Unable to get ATA device list
/dev/xpt0 control device couldn't opened: Permission denied
Unable to get CAM device list
/dev/ad8: Unable to detect device type
Smartctl: please specify device type with the -d option.

Use smartctl -h to get a usage summary

I added this line to /etc/devfs.conf:

perm    ata     0660

And restarted devfs:

/etc/rc.d/devfs restart

Now the permissions are:

# ls -l /dev/ata
crw-rw----  1 root  operator    0,  33 Mar 10 20:02 /dev/ata

Now, if I run the command as the munin user, I get:

# su -m munin -c '/usr/local/sbin/smartctl -A /dev/ad8 '
smartctl 5.39 2009-12-09 r2995 [FreeBSD 8.0-STABLE amd64] (local build)
Copyright (C) 2002-9 by Bruce Allen, http://smartmontools.sourceforge.net

=== START OF READ SMART DATA SECTION ===
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   099   099   016    Pre-fail  Always       -       65537
  2 Throughput_Performance  0x0005   133   133   054    Pre-fail  Offline      -       101
  3 Spin_Up_Time            0x0007   100   100   024    Pre-fail  Always       -       0
  4 Start_Stop_Count        0x0012   100   100   000    Old_age   Always       -       4
  5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       0
  7 Seek_Error_Rate         0x000b   100   100   067    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   112   112   020    Pre-fail  Offline      -       39
  9 Power_On_Hours          0x0012   100   100   000    Old_age   Always       -       141
 10 Spin_Retry_Count        0x0013   100   100   060    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       4
192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       5
193 Load_Cycle_Count        0x0012   100   100   000    Old_age   Always       -       5
194 Temperature_Celsius     0x0002   181   181   000    Old_age   Always       -       33 (Lifetime Min/Max 20/36)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       0

I added the munin user to the operator group:

# grep munin /etc/group
operator:*:5:root,bacula,munin
munin:*:842:

To tell munin to run this command as munin, and not as nobody, I have these lines in /usr/local/etc/munin/plugin-conf.d/plugins.conf:

[hddtemp_smartctl]
user  ngaios
group operator
env.smartctl /usr/local/sbin/smartctl

Then I restarted munin:

# /usr/local/etc/rc.d/munin-node restart
Stopping munin_node.
Waiting for PIDS: 9778.
Starting munin_node.

Now things are being reported correctly.

Website Pin Facebook Twitter Myspace Friendfeed Technorati del.icio.us Digg Google StumbleUpon Premium Responsive