Access /proc/$pid/exe as regular user – Managing your servers can streamline the performance of your team by allowing them to complete complex tasks faster. Plus, it can enable them to detect problems early on before they get out of hand and compromise your business. As a result, the risk of experiencing operational setbacks is drastically lower.
But the only way to make the most of your server management is to perform it correctly. And to help you do so, this article will share nine tips on improving your server management and fix some problem about linux, sudo, ps, , .
I am in the process of developing a custom Nagios plugin to monitor the absolute path of a few running processes.
As a root user I have always used the command ‘ls -l /proc/$pid/exe to find the path but when I get Nagios to run this command(as user nagios) it doesn’t have permission to access the file in /proc/.
As a workaround I gave sudo access to user nagios to run the command pwdx and this seems to be working fine, but it is a pain to do this on all our servers. Without this sudo access the plugin would fail.
I was wondering if there is a cleaner way to do this? I basically need a way to provide user nagios read access to everything under /proc.
How about combination with “sudo setting in central nagios server” and “Private key authorization”?
Assuming that you are accessing to your dest server by ssh,
Set sudo access with NO Passwd option to nagios user to nagios user in your central nagios server
Generate private and public key with root user and copy the pub key to your destination server.
DO below in root user
ssh-key-gen -t dsa -b 1024
ssh-copy-id -i [path to your .pub file] root@[dest server]
- Execute chec_by_ssh with sudo.
sudo [path-to-nagiosplugin]/check_by_ssh -l root -C “ls -l /proc/[pid]/exe”
Below is sample result.
[nagios@dev plugins]$ sudo ./check_by_ssh -H localhost -l root “ls -l /proc/2027/exe”; echo $?
lrwxrwxrwx. 1 root root 0 Mar 30 19:29 /proc/2027/exe -> /usr/libexec/postfix/master
We ended up continuing with pwdx with sudo access as other options were more or less ‘complicated’ as this one.