  1. Core Server
  2. SERVER-11466

SNMP: snmpd restart always reowns unix socket to inaccessible ownership


Details

    • Bug
    • Resolution: Done
    • Major - P3
    • 2.5.4
    • 2.5.3
    • None
    • * 2.5.4-pre Enterprise Ubuntu 12.04
      * Build version: enterprise-97c3a3d2b487e9376d484d33ede2895e379a3033-2013-10-29
    • ALL
    • Steps to reproduce:
      1. Install pre-req packages for SNMP.
      2. Edit /etc/snmpd/snmpd.conf to be standard SNMP master over UDP using unix socket at /tmp/agentx/master

        agentAddress udp:127.0.0.1:1161
        master agentx
        AgentXSocket /tmp/agentx/master

      3. Copy mongod.conf.subagent to /etc/snmp/mongod.conf, which specifies unix domain socket.
      4. Restart snmpd: /etc/init.d/snmpd restart
      5. Start a mongod as a SNMP subagent.

      Example startup command:

      ./bin/mongod --replSet rs --snmp-subagent --port 27017 --fork --dbpath data/noauth-rs-0/ --logpath logs/noauth-rs-0/mongod.log --smallfiles --nohttpinterface


    Description

      The new mongod.conf.subagent uses a UNIX socket definition of:

      agentXSocket /tmp/agentx/master

      On Ubuntu Server 12.04, this causes a directory structure permission/ownership as follows:

      $ sudo ls -alh /tmp/agentx/
      total 8.0K
      drwx------ 2 root root 4.0K Oct 30 13:29 .
      drwxrwxrwt 3 root root 4.0K Oct 30 13:29 ..
      srwxr-xr-x 1 root root    0 Oct 30 13:29 master
      $
      

      Note that the /tmp/agentx is only user visible, and everything is owned by root. The more unexpected behavior, however, is that the permissions and ownership of the socket file are always reset back to root ownership and only user-writeable.

      $ ls -lha /tmp/agentx/
      total 8.0K
      drwx------ 2 ubuntu ubuntu 4.0K Oct 30 13:17 .
      drwxrwxrwt 3 root   root   4.0K Oct 30 13:17 ..
      srwxrwxr-x 1 ubuntu ubuntu    0 Oct 30 13:17 master
      ubuntu@ip-10-239-24-41:~/mongodb$ sudo /etc/init.d/snmpd restart
       * Restarting network management services:
      ubuntu@ip-10-239-24-41:~/mongodb$ ls -lha /tmp/agentx/
      total 8.0K
      drwx------ 2 ubuntu ubuntu 4.0K Oct 30 13:19 .
      drwxrwxrwt 3 root   root   4.0K Oct 30 13:17 ..
      srwxr-xr-x 1 root   root      0 Oct 30 13:19 master
      

      This implies that the mongod running as a subagent will not be able to communicate through the UNIX socket.

      The SNMP doc describes additional parameters (agentXPerms) to control the permission/ownership, so perhaps a documentation-only change. But also might be worth mentioning as a comment in the mongod.conf.subagent file itself.
      http://net-snmp.sourceforge.net/docs/man/snmpd.conf.html
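
      Added example (not part of the original report and not MongoDB or Net-SNMP code): a shell check that evaluates the three ownership states from the listings above against the Linux rules for connecting to a UNIX socket. The function names and uid/gid 1000 for the ubuntu user are assumptions.

```shell
#!/bin/sh
# Added example. Linux rules for connecting to a UNIX socket: search (x) on the
# containing directory and write (w) on the socket; uid 0 bypasses both.

# perm_bit MODE OWNER_UID OWNER_GID UID "GIDS" BIT   (BIT: 4=r 2=w 1=x)
perm_bit() {
    mode=$1; o_uid=$2; o_gid=$3; uid=$4; gids=$5; bit=$6
    if [ "$uid" -eq 0 ]; then return 0; fi
    m=$((0$mode))                      # leading 0 makes the mode octal
    shift_by=0                         # default: "other" class
    if [ "$uid" -eq "$o_uid" ]; then
        shift_by=6                     # owner class, used exclusively
    else
        for g in $gids; do
            if [ "$g" -eq "$o_gid" ]; then shift_by=3; fi
        done
    fi
    [ $(( ($m >> $shift_by) & $bit )) -ne 0 ]
}

# agentx_verdict DIR_MODE DIR_UID DIR_GID SOCK_MODE SOCK_UID SOCK_GID UID "GIDS"
agentx_verdict() {
    if ! perm_bit "$1" "$2" "$3" "$7" "$8" 1; then
        echo "blocked: no search permission on socket directory"; return 1
    fi
    if ! perm_bit "$4" "$5" "$6" "$7" "$8" 2; then
        echo "blocked: no write permission on socket"; return 1
    fi
    echo "ok"
}

# check_agentx_socket SOCKET USER: same verdict from live metadata.
# Uses GNU stat (as on Ubuntu); checks only the immediate parent directory.
# Run with enough privilege to stat inside a 0700 directory.
check_agentx_socket() {
    d=$(stat -c '%a %u %g' "$(dirname "$1")") || return 2
    s=$(stat -c '%a %u %g' "$1") || return 2
    # word splitting of $d and $s is intentional (mode uid gid)
    agentx_verdict $d $s "$(id -u "$2")" "$(id -G "$2")"
}

# The three states from the listings; uid/gid 1000 for "ubuntu" is assumed.
agentx_verdict 700 0 0 755 0 0 1000 1000 || true              # as created by snmpd
agentx_verdict 700 1000 1000 775 1000 1000 1000 1000 || true  # after manual chown/chmod
agentx_verdict 700 1000 1000 755 0 0 1000 1000 || true        # after snmpd restart
```

      Against a live system, `check_agentx_socket /tmp/agentx/master <user>` gives the same verdict for the account that runs mongod; the agentXPerms directive mentioned above is where the mode and ownership that make it pass would be set.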

          People

            james.wahlin@mongodb.com James Wahlin
            john.morales@mongodb.com John Morales