Freebsd 12.1 amd64 - error while enabling features - Permission denyed

dfeiwkqhfkewshfiuw · January 27, 2020, 11:36pm

Hello,

Freebsd 12.1 && Icinga shows an error when trying to enable features by command line

icinga was build on a fresh installed machine as first application (build by /usr/ports and tryed also by packages on another fresh machine) with same result.

Not sure where to fix the code…

Any hints/ideas?

Workaround: Set symlinks manually

root@a2:~ # icinga2 feature enable api
critical/cli: Cannot enable feature ‘api’. Linking source ‘…/features-available/api.conf’ to target file ‘/usrlocal/etc/icinga2/features-enabled/api.conf’ failed with error code 13, “Permission denied”.
critical/cli: Cannot enable feature(s): api

root@a2:~ # which icinga2
/usr/local/sbin/icinga2

root@a2:~ # tcsh -x /usr/local/sbin/icinga2 feature enable api
ICINGA2_BIN=/usr/local/lib/icinga2/sbin/icinga2
ICINGA2_BIN=/usr/local/lib/icinga2/sbin/icinga2: Command not found.
if test xuname -s = xLinux -a xfeature = xconsole
if: Expression Syntax.
then
then: Command not found.
root@a2:~ # tcsh -x /usr/local/sbin/icinga2 feature enable api

root@a2:~ # ll /usr/local/lib/icinga2/sbin/icinga2
-rwxr-xr-x 1 root wheel 10768176 Jan 27 09:50 /usr/local/lib/icinga2/sbin/icinga2*

root@a2:~ # uname -s
FreeBSD

root@a2 ~]# /usr/local/sbin/icinga2 --version
icinga2 - The Icinga 2 network monitoring daemon (version: r2.11.2-1)

Copyright © 2012-2020 Icinga GmbH (https://icinga.com/)
License GPLv2+: GNU GPL version 2 or later http://gnu.org/licenses/gpl2.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.

System information:
Platform: Unknown
Platform version: Unknown
Kernel: FreeBSD
Kernel version: 12.1-RELEASE
Architecture: amd64

Build information:
Compiler: Clang 8.0.1
Build host: a2

Application information:

General paths:
Config directory: /usr/local/etc/icinga2
Data directory: /var/lib/icinga2
Log directory: /var/log/icinga2
Cache directory: /var/cache/icinga2
Spool directory: /var/spool/icinga2
Run directory: /var/run/icinga2

Old paths (deprecated):
Installation root: /usr/local
Sysconf directory: /usr/local/etc
Run directory (base): /var/run
Local state directory: /var

Internal paths:
Package data directory: /usr/local/share/icinga2
State path: /var/lib/icinga2/icinga2.state
Modified attributes path: /var/lib/icinga2/modified-attributes.conf
Objects path: /var/cache/icinga2/icinga2.debug
Vars path: /var/cache/icinga2/icinga2.vars
PID path: /var/run/icinga2/icinga2.pid

dnsmichi · January 28, 2020, 7:53am

The repository for ports linked in the docs works to my knowledge. If not, I’d suggest getting in touch with the FreeBSD packagers. @lme might chime in too.

Cheers,
Michael

lme · January 28, 2020, 3:27pm

@dfeiwkqhfkewshfiuw thank you for reporting this. You are right, I’m also seeing this on a new install of Icinga 2.
The icinga2 binary drops privileges and runs as the icinga user and thus is not allowed to create the symbolic link in /usr/local/etc/icinga2/features-enabled/.

@dnsmichi: Could you please show me a recursive ls -l from icinga2’s config directory on Linux so I can fix the permissions?
Thanks in advance.

dnsmichi · January 28, 2020, 3:31pm

Asking a macOS user here

Here’s the spec file permissions - https://git.icinga.com/packaging/rpm-icinga2/blob/master/icinga2.spec#L742

lme · January 28, 2020, 4:20pm

Thanks! I think I’ll have a working fix for this tomorrow.