In this recipe, we'll learn how to deal with the difficulty of executing permissions for NRPE. The majority of standard Nagios plugins don't require special privileges to run, although this also depends on how stringent your system's security restrictions are. However, some of the plugins require being run as
root or perhaps as another user other than
nagios. This is sometimes the case with plugins that need to make requests of system-level resources such as checking the integrity of RAID arrays.
There are four general approaches to fixing this:
Bad: Change the plugins to
setuid, meaning that they will always be run as the user who owns them, no matter who executes them. The problem with this is that setting this bit allows anyone to run the program as
root, not just
nrpe, a very common vector for exploits.
rootor as the appropriate user. This is done by changing the
nrpe.cfg. This is even...