Ad Widget

Collapse

Permission denied UserParameter script shell

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • mastraze
    Member
    • Jul 2011
    • 30
    #1

    Permission denied UserParameter script shell

    Hi,

    I was facing a small issue concerning the permission for running a script in Zabbix Agent ! Eventually , I was trying to see how it works by adding in zabbix_agentd.conf :

    UserParameter=test,/home/script_test.sh

    scritpt_test.sh just small script : echo 10
    Permission for the script have been changed to chmod a+x ...Even with chmod 777

    The zabbix_agemtd.log shows :

    sh: /home/script_test.sh : permission denied !!

    I am running Zabbix 2.2 both server and agent with zabbix accounts !


    Any hints

    Thanks in advance !
    Tags: None
    • aib
      Senior Member
      • Jan 2014
      • 1615
      #2
      Did you check if your "zabbix" user has a shell configured?
      Code:
      [server] # grep zabbix /etc/passwd
zabbix:x:500:500::/home/zabbix:/bin/bash
      Sincerely yours,
      Aleksey

        Comment

        • mastraze
          Member
          • Jul 2011
          • 30
          #3
          Hey,

          zabbix user is already configured ! but why I should check this part in server side ?

            Comment

            • aib
              Senior Member
              • Jan 2014
              • 1615
              #4
              sorry about that
              server was the first PC which has an open terminal connection to provide you the line which I talked about.

              You are right, it has to be checked on Agent's PC.

              One more thing - did you check that Zabbix user has access to /home directory? In other world - could you connect to agent's PC as zabbix user and run the script_test.sh ?
              Sincerely yours,
              Aleksey

                Comment

                • mastraze
                  Member
                  • Jul 2011
                  • 30
                  #5
                  Thanks aib for your response.


                  Actually, I have zabbix account running in the zabbix agent and the script was created and executed also by the zabbix user !

                  The zabbix account also added in /etc/sudoers and can access to /bin/bash as well !

                  But still the same issue !!!

                    Comment

                    • vladkras
                      Junior Member
                      • Oct 2016
                      • 2
                      #6
                      I solved by editing my zabbix_agentd.conf and group of my zabbix user. Everyone who have similar problems try to follow this steps

                      1. check user that run zabbix_agentd with
                      Code:
                      ps aux | grep zabbix
                      Though I start it with root but htop and ps show zabbix user is owner
                      2. if you also has zabbix login with
                      Code:
                      su - zabbix
                      and check
                      Code:
                      zabbix_agentd -t item.key
                      where item.key is your UserParameter
                      3. If everything is ok in your zabbix_agentd.conf (I open it this way)
                      Code:
                      vim  /usr/local/etc/zabbix_agentd.conf
                      look for Option: User section and uncomment last line
                      Code:
                      # Mandatory: no
# Default:
User=zabbix
                      4. restart zabbix agent in your preferred way. I don't have special scripts, so I just kill all zabbix proccesses and run
                      Code:
                      zabbix_agentd
                      again

                        Comment

                        • batchenr
                          Senior Member
                          • Sep 2016
                          • 440
                          #7
                          my soulotion

                          i solved it by running :

                          systemctl stop zabbix-agent.service

                          chown -R zabbix:zabbix /var/log/zabbix
                          chown -R zabbix:zabbix /var/run/zabbix
                          chmod -R 775 /var/log/zabbix/
                          chmod -R 775 /var/run/zabbix/
                          /usr/sbin/zabbix_agentd -c /etc/zabbix/zabbix_agentd.conf

                            Comment

                            • nlsteffens
                              Junior Member
                              • Dec 2022
                              • 4
                              #8
                              Check SELinux by running 'getenforce' as root. If SELinux is running, do the following:

                              > grep "SELinux is preventing" /var/log/messages

                              find a line that looks like 'sealert -l xxxxx-xxxxx-xxxx-xxxx'

                              > sealert -l xxxxx-xxxxx-xxxx-xxxx

                              in the output you'll see something like the following:
                              allow this access for now by executing:
                              # ausearch -c 'mysql' --raw | audit2allow -M my-mysql
                              # semodule -X 300 -i my-mysql.pp​

                              run these commands:

                              > ausearch -c 'mysql' --raw | audit2allow -M my-mysql
                              > semodule -X 300 -i my-mysql.pp

                              This will add a rule in that allows the command to be executed under SELinux. Make sure there are no further problems by executing:

                              ​> grep "SELinux is preventing" /var/log/messages
                              ​

                                Comment

                                Previous template Next
                                Working...