nagios-charmers team mailing list archive

[Sandor Zeestraten <sandor@xxxxxxxxxxxxxxx>]

Sandor Zeestraten has proposed merging ~szeestraten/nagios-charm:bugfix_1669920 into nagios-charm:master.

Requested reviews:
  Nagios Charm developers (nagios-charmers)
Related bugs:
  Bug #1669920 in Nagios Charm: "nagios/thruk-slave incorrect permissions on livestatus directory"
  https://bugs.launchpad.net/nagios-charm/+bug/1669920

For more details, see:
https://code.launchpad.net/~szeestraten/nagios-charm/+git/nagios-charm/+merge/323491

Fixes permissions on livestatus socket directory for #1669920
-- 
Your team Nagios Charm developers is requested to review the proposed merge of ~szeestraten/nagios-charm:bugfix_1669920 into nagios-charm:master.

diff --git a/hooks/install b/hooks/install
index 57ba12b..fc59d3f 100755
--- a/hooks/install
+++ b/hooks/install
@@ -37,20 +37,6 @@ if [ -f $CHARM_DIR/files/hostgroups_nagios2.cfg ]; then
     rm -v /etc/nagios3/conf.d/extinfo_nagios2.cfg
 fi
 
-enable_livestatus=$(config-get enable_livestatus)
-livestatus_path=$(config-get livestatus_path)
-livestatus_dir=$(dirname $livestatus_path)
-
-if [ "$enable_livestatus" ]; then
-    # install check-mk-livestatus
-    DEBIAN_FRONTEND=noninteractive apt-get -qy install check-mk-livestatus
-    # fix permissions on the livestatus directory
-    mkdir -p $livestatus_dir
-    chown nagios:www-data $livestatus_dir
-    chmod g+w $livestatus_dir
-    chmod g+s $livestatus_dir
-fi
-
 if [ -f $CHARM_DIR/files/index.html ]; then
     # Replace the default index.html file to redirect to nagios3/
     cp -v $CHARM_DIR/files/index.html /var/www/html/index.html
diff --git a/hooks/upgrade-charm b/hooks/upgrade-charm
index 9aff222..ebdc2e0 100755
--- a/hooks/upgrade-charm
+++ b/hooks/upgrade-charm
@@ -73,38 +73,28 @@ def mkdir_p(path):
             raise
 
 
-# Fix the path to be world executable
-def fixpath(path):
-    if os.path.isdir(path):
-        st = os.stat(path)
-        os.chmod(path, st.st_mode | stat.S_IXOTH)
-    if path != "/":
-        fixpath(os.path.split(path)[0])
-
-
 def enable_livestatus_config():
     if enable_livestatus:
-        hookenv.log("Livestatus is enabled")
+        hookenv.log("Livestatus is enabled", "INFO")
+        hookenv.log("Path to livestatus socket: %s" % livestatus_path, "INFO")
+
+        # Make sure livestatus package is installed
         fetch.apt_update()
         fetch.apt_install('check-mk-livestatus')
 
-        # Make the directory and fix perms on it
-        hookenv.log("Fixing perms on livestatus_path")
+        # Make sure the livestatus directory exists
         livestatus_dir = os.path.dirname(livestatus_path)
         if not os.path.isdir(livestatus_dir):
-            hookenv.log("Making path for livestatus_dir")
+            hookenv.log("Making livestatus socket dir: %s" % livestatus_dir, "INFO")
             mkdir_p(livestatus_dir)
-        fixpath(livestatus_dir)
 
-        # Fix the perms on the socket
-        hookenv.log("Fixing perms on the socket")
+        # Make sure permissions and ownership is of the livestatus directory is correct
+        hookenv.log("Setting owner and permissions for livestatus socket dir: %s" % livestatus_dir, "INFO")
         uid = pwd.getpwnam(nagios_user).pw_uid
         gid = grp.getgrnam("www-data").gr_gid
-        os.chown(livestatus_path, uid, gid)
+        st = os.stat(livestatus_dir)
         os.chown(livestatus_dir, uid, gid)
-        st = os.stat(livestatus_path)
-        os.chmod(livestatus_path, st.st_mode | stat.S_IRGRP)
-        os.chmod(livestatus_dir, st.st_mode | stat.S_IRGRP | stat.S_ISGID)
+        os.chmod(livestatus_dir, st.st_mode | stat.S_IXUSR | stat.S_IRGRP | stat.S_IXGRP | stat.S_ISGID)
 
 
 def enable_pagerduty_config():