I'm trying to debug a nagios plugin (check_aacraid.py) that uses NRPE. The system in question is a newly set up CentOS 6.2 fileserver.
The command that appears to be giving me trouble is:
for line in Popen(["/usr/bin/sudo", "/usr/bin/arcconf", "GETCONFIG", "1", "LD"],
stdin=PIPE, stdout=PIPE, close_fds=True).stdout:
If I run the script as the ‘nagios’ user it works fine. If it gets called from NRPE/XINETD it fails (NRPE reports “Unable to read output”, which usually indicates an error).
I used strace to watch the output of xinetd and found this:
7706 execve("/usr/bin/sudo", ["/usr/bin/sudo", "/usr/bin/arcconf", "GETCONFIG", "1", "AD"], [/* 15 vars */]) = -1 EACCES (Permission denied)
I'm trying to figure out if it's a problem with:
-python
-sudo
-nagios
-xinetd
-other
I’ve trolled about for issues with sudo and have done the standard things (comment out ‘requiretty’, set path, add nagios user with ‘NOPASSWD’). Haven’t found the problem yet.
Other commands run fine via NRPE (‘check_user’, etc).
Note: this is a published, established plugin for nagios. I’ve done something wrong on this system such that it isn’t working.
Suggestions?
Answers to questions:
1) I can run the app if I login as ‘nagios’.
2) Using ‘visudo’ I have this entry: ‘nagios ALL=(ALL) NOPASSWD:ALL’
– yes, it's a security hole. I will tighten it up when I get this thing working.
3) The permissions for /usr/bin/sudo are: ---s--x--x. 2 root root 215144 May 9 23:59 /usr/bin/sudo
It appears that SELinux is the problem. When I ‘echo 0 > /selinux/enforce’ then the app runs properly. Now to figure out how to work with it instead of around it. @Josh – post this as an answer and I’ll happily accept it!
It sounds like SELinux is the problem. If executing sudo from xinetd gets a permission denied error and executing it outside of xinetd is succeeding, then it seems that something like SELinux might be enforcing a policy that denies it.
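To confirm a diagnosis like the one above without switching enforcement off, the AVC denial records in the audit log name the source domain and the target type of the blocked exec. The following is an added example, not part of the original posts: the log lines are constructed, and the types `nrpe_t` and `sudo_exec_t` are assumptions for illustration; the real values come from the system's own `/var/log/audit/audit.log`.

```python
import re
from collections import Counter

# Constructed sample of audit.log lines (not taken from the original post).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1339300000.101:501): avc:  denied  { execute } for  pid=7706 comm="python" name="sudo" dev=dm-0 ino=131090 scontext=system_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:sudo_exec_t:s0 tclass=file
type=SYSCALL msg=audit(1339300000.101:501): arch=c000003e syscall=59 success=no exit=-13 comm="python" exe="/usr/bin/python"
type=AVC msg=audit(1339300060.207:502): avc:  denied  { execute } for  pid=7731 comm="python" name="sudo" dev=dm-0 ino=131090 scontext=system_u:system_r:nrpe_t:s0 tcontext=system_u:object_r:sudo_exec_t:s0 tclass=file
type=AVC msg=audit(1339300100.000:503): avc:  granted  { setenforce } for  pid=7800 comm="bash" scontext=unconfined_u:unconfined_r:unconfined_t:s0 tcontext=system_u:object_r:security_t:s0 tclass=security
"""

AVC_RE = re.compile(
    r'^type=AVC .*?avc:\s+(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}'
    r'.*?\bscontext=(?P<scontext>\S+)\s+tcontext=(?P<tcontext>\S+)\s+tclass=(?P<tclass>\S+)'
)
FIELD_RE = re.compile(r'\b(comm|name|path)=("[^"]*"|\S+)')

def selinux_type(context):
    """Return the type field of a user:role:type[:level] context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else context

def parse_denials(log_text):
    """Yield one dict per AVC denial; non-AVC and 'granted' records are skipped."""
    for line in log_text.splitlines():
        m = AVC_RE.search(line)
        if not m or m.group("result") != "denied":
            continue
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
        yield {
            "source": selinux_type(m.group("scontext")),
            "target": selinux_type(m.group("tcontext")),
            "tclass": m.group("tclass"),
            "perms": tuple(m.group("perms").split()),
            "comm": fields.get("comm"),
            "object": fields.get("path") or fields.get("name"),
        }

def summarize(log_text):
    """Count denials per (source domain, target type, class, perms, object)."""
    return Counter((d["source"], d["target"], d["tclass"], d["perms"], d["object"])
                   for d in parse_denials(log_text))

if __name__ == "__main__":
    for (src, tgt, cls, perms, obj), n in summarize(SAMPLE_AUDIT_LOG).most_common():
        print(f"{n}x {src} -> {tgt}:{cls} {{ {' '.join(perms)} }} on {obj}")
```

A repeated denial with the same source domain and target type is the fact a narrowly scoped policy change would be built from, which is the "work with it instead of around it" route.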