Edit: all new Fedora servers I add to the hosts file show this error. This file does not exist so perhaps there’s an exclude/ignore option that I’m not finding?
The plugin is probably running as the icinga user, so it makes sense it does not have permission to /run/user/0/. I believe the default nagios plugin excludes /run. Can you provide the command from Inspect if you’re using Director? What Command are you running? Output of df -T?
Yes I see it is from ps. But note that there is no /run/user/0/doc directory but there are other directories there so it’s as if something is looking for this doc directory/file.
ls -l /run/user/0/
total 0
srw-rw-rw- 1 root root 0 Sep 24 20:42 bus
drwx------ 2 root root 60 Oct 6 14:56 dconf
dr-x------ 2 root root 0 Dec 31 1969 doc
drwx------ 3 root root 60 Oct 6 14:39 gnupg
drwx------ 2 root root 40 Oct 6 14:56 gvfs
drwx------ 2 root root 40 Oct 6 14:56 gvfsd
drwx------ 2 root root 60 Oct 7 09:12 keyring
srw-rw-rw- 1 root root 0 Sep 24 20:42 pipewire-0
-rw-r----- 1 root root 0 Oct 7 09:12 pipewire-0.lock
drwx------ 2 root root 40 Oct 6 14:57 pulse
drwxr-xr-x 6 root root 160 Oct 7 09:12 systemd
Not using Director but looking into installing it.
I do see /run/user/0/doc listed in your output, so I’m not sure if you missed it or typo’ed in your response. It’s under the mount point, so I’m not sure why it’s throwing that error exactly.
What command are you running for this check?
The CheckCommand configuration included with Icinga2 excludes tmpfs by default.
You can test the options passed to check_disk by running the command yourself (as icinga).
Oops you are right it is there as a 0kb file, my bad.
When you ask me what command am I running, are you wanting to know what is in the hosts.conf file? I just have this and every Fedora host brings back this error in the GUI:
With su icinga -c check_disk I get a This account is currently not available message. When I run it as a non root user I get the same message DISK CRITICAL - /run/user/0/doc is not accessible: Permission denied
Perhaps that’s a clue? User icinga has a nologin option set.
It is sort of a 0kb file, but more importantly it is a directory.
When I ask about the command I am munging you directly and Icinga2 as you have it configured…I’m more interested in what specific command is being executed (regardless of who or what).
You can specify the shell by passing -s /bin/'bash to the su command.
Can you post the complete CheckCommand you are using? It looks like some may have been cutoff. I’m guessing you need to simply add the excludes that are included in Icinga’s default config to your own.
su - icinga -s /bin/bash -c "/usr/lib64/nagios/plugins/check_disk -m" DISK CRITICAL - /run/user/0/doc is not accessible: Permission denied
I only see comments: grep CheckCommand /etc/icinga2/*/* /etc/icinga2/conf.d/commands.conf:#object CheckCommand "check_docker_by_ssh" { /etc/icinga2/conf.d/services.conf: * The CheckCommand objects ping4, ping6, etc /etc/icinga2/conf.d/services.conf.orig: * The CheckCommand objects ping4, ping6, etc /etc/icinga2/conf.d/templates.conf: * The CheckCommand object hostalive is provided by
Yes I see that in /usr/share/icinga2/include/command-plugins.conf Does the none mean it’s disabled? It seems that /run is being included even though df -T showed it’s a tmpfs file system.
Here is icinga2 object list --type Service from one of the servers:
That is odd. /run/user/0 should be root:root 700. Can you confirm that? If that is the case, the icinga user shouldn’t even be able to see doc - so something else is going on here.
The CheckCommand configuration that is packaged with Icinga2 has:
"-x" = {
value = "$disk_partitions_excluded$"
description = "Ignore device (only works if -p unspecified)"
}
No need for a feature request, you just need to configure your own CheckCommand (or use Director and import the packaged one) to accept that variable and configure your service accordingly.
I’d suggest using Director and importing it. If you want to configure it, you can do so anywhere that is imported (e.g. conf.d). I’d have to see your configs to help more in that regard.
If it is a bug, it is with the Nagios plugin or Fedora.