  1. Core Server
  2. SERVER-11466

SNMP: snmpd restart always reowns unix socket to inaccessible ownership

    • Type: Bug
    • Resolution: Done
    • Priority: Major - P3
    • 2.5.4
    • Affects Version/s: 2.5.3
    • Component/s: None
    • Environment:
      * 2.5.4-pre Enterprise Ubuntu 12.04
      * Build version: enterprise-97c3a3d2b487e9376d484d33ede2895e379a3033-2013-10-29
    • ALL
      1. Install pre-req packages for SNMP.
      2. Edit /etc/snmpd/snmpd.conf to be standard SNMP master over UDP using unix socket at /tmp/agentx/master

        agentAddress udp:127.0.0.1:1161
        master agentx
        AgentXSocket /tmp/agentx/master

      3. Copy mongod.conf.subagent to /etc/snmp/mongod.conf, which specifies unix domain socket.
      4. Restart snmpd: /etc/init.d/snmpd restart
      5. Start a mongod as a SNMP subagent.

      Example startup command:

      ./bin/mongod --replSet rs --snmp-subagent --port 27017 --fork --dbpath data/noauth-rs-0/ --logpath logs/noauth-rs-0/mongod.log --smallfiles --nohttpinterface

      The new mongod.conf.subagent uses a UNIX socket definition of:

      agentXSocket /tmp/agentx/master

      On Ubuntu Server 12.04, this causes a directory structure permission/ownership as follows:

      $ sudo ls -alh /tmp/agentx/
      total 8.0K
      drwx------ 2 root root 4.0K Oct 30 13:29 .
      drwxrwxrwt 3 root root 4.0K Oct 30 13:29 ..
      srwxr-xr-x 1 root root    0 Oct 30 13:29 master
      $
      

      Note that the /tmp/agentx is only user visible, and everything is owned by root. The more unexpected behavior, however, is that the permissions and ownership of the socket file are always reset back to root ownership and only user-writeable.

      $ ls -lha /tmp/agentx/
      total 8.0K
      drwx------ 2 ubuntu ubuntu 4.0K Oct 30 13:17 .
      drwxrwxrwt 3 root   root   4.0K Oct 30 13:17 ..
      srwxrwxr-x 1 ubuntu ubuntu    0 Oct 30 13:17 master
      ubuntu@ip-10-239-24-41:~/mongodb$ sudo /etc/init.d/snmpd restart
       * Restarting network management services:
      ubuntu@ip-10-239-24-41:~/mongodb$ ls -lha /tmp/agentx/
      total 8.0K
      drwx------ 2 ubuntu ubuntu 4.0K Oct 30 13:19 .
      drwxrwxrwt 3 root   root   4.0K Oct 30 13:17 ..
      srwxr-xr-x 1 root   root      0 Oct 30 13:19 master
      

      This implies that the mongod running as a subagent will not be able to communicate through the UNIX socket.

      The SNMP doc describes additional parameters (agentXPerms) to control the permission/ownership, so this is perhaps a documentation-only change. It might also be worth mentioning as a comment in the mongod.conf.subagent file itself.
      http://net-snmp.sourceforge.net/docs/man/snmpd.conf.html
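
The following Python example is added here for illustration and is not part of the original report or of MongoDB's code. It applies the standard owner/group/other check to each directory on the socket path (search permission) and to the socket itself (write permission), using constructed entries that mirror the three listings above. The names `agentx_blocker`, `Entry` and `listing` are hypothetical, and uid/gid 1000 for `ubuntu` is an assumption, since the page shows names only.

```python
import os
import stat
from collections import namedtuple

# Minimal stand-in for os.stat_result so the check can run on constructed data.
Entry = namedtuple("Entry", "st_mode st_uid st_gid")

def _allowed(st, uid, gids, want):
    """Owner/group/other check; `want` is an rwx bit mask (r=4, w=2, x=1)."""
    if uid == 0:
        return True  # root bypasses discretionary checks (assumes CAP_DAC_OVERRIDE)
    if st.st_uid == uid:
        shift = 6      # owner class applies, even if it is the most restrictive
    elif st.st_gid in gids:
        shift = 3
    else:
        shift = 0
    return ((st.st_mode >> shift) & want) == want

def agentx_blocker(sock_path, uid, gids, stat_fn=os.stat):
    """Return None if uid can connect to the AgentX socket, else (path, reason)."""
    path = ""
    for name in sock_path.strip("/").split("/")[:-1]:
        path += "/" + name
        if not _allowed(stat_fn(path), uid, gids, 1):
            return (path, "no search (x) permission on directory")
    st = stat_fn(sock_path)
    if not stat.S_ISSOCK(st.st_mode):
        return (sock_path, "not a socket")
    if not _allowed(st, uid, gids, 2):
        return (sock_path, "no write permission on socket")
    return None

# Constructed samples mirroring the listings in the report (not live data).
ROOT, UBUNTU = 0, 1000  # uid/gid 1000 for "ubuntu" is an assumption
SOCK = "/tmp/agentx/master"

def listing(dir_owner, sock_mode, sock_owner):
    table = {"/tmp": Entry(stat.S_IFDIR | 0o1777, ROOT, ROOT),
             "/tmp/agentx": Entry(stat.S_IFDIR | 0o700, dir_owner, dir_owner),
             SOCK: Entry(stat.S_IFSOCK | sock_mode, sock_owner, sock_owner)}
    return table.__getitem__

DEFAULT = listing(ROOT, 0o755, ROOT)          # first listing: all root-owned
CHOWNED = listing(UBUNTU, 0o775, UBUNTU)      # second listing: before restart
AFTER_RESTART = listing(UBUNTU, 0o755, ROOT)  # third listing: socket reset

if __name__ == "__main__":
    for label, fn in (("default", DEFAULT), ("chowned", CHOWNED),
                      ("after restart", AFTER_RESTART)):
        print(label, agentx_blocker(SOCK, UBUNTU, {UBUNTU}, fn))
```

Called with the default `stat_fn` on a live host, the same function reports which path component blocks the account that runs mongod.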

            Assignee: James Wahlin (james.wahlin@mongodb.com)
            Reporter: John Morales (Inactive) (john.morales@mongodb.com)