IcingaWeb2 Setup on Ubuntu 26.04, can’t write to /etc/icingaweb2

Icinga Web
1

First of all, a huge shout-out to the Icinga package team for their great work.

I recognized Ubuntu 26.04 was released yesterday, looked for the packages and the packages were there and I could install icinga2, IcingaWeb2, IcingaDB, and director.

But the configuration gave me some headache. There where some problems with the writing permissions of /etc/icingaweb2

Every permission was fine and even a very harsh chmod -R 777 didn’t allow writing.
So it was very late and I postponed my installation and finished it this morning.

the critical part was the apache2 hardening or in this case, remove some of the hardening.
Apache2 for Ubuntu 26.04 comes with ProtectSystem=full which protects the etc folder too
before any IcingaWeb2 setup you can do the following:

sudo systemctl edit apache2

[Service]
ReadWritePaths=/etc/icingaweb2
RestrictSUIDSGID=no

sudo systemctl daemon-reload
sudo systemctl restart apache2

ReadWritePaths allows apache2 to write to /etc/icingaweb2
RestrictSUIDSGID allows apache2 to create folders the way icingaweb wants to create them

I hope this helps

Every feedback is welcome, if there is some alternative to fix that with the default ubuntu 26.04 server installation

Best Regards
Nicolas

2

Thanks a lot .. i was torn if i should write about it but as no one complained yet. :man_shrugging:

Regards

David

3

Good idea!

We have integrated this in Icinga Web 2.13.0-2.

4 
root@icinga-ubuntu-2604:/home/nicolas# cat /lib/systemd/system/apache2.service.d/icingaweb2.conf 
[Service]
ReadWritePaths=-/etc/icingaweb2
ReadWritePaths=-/var/lib/icingaweb2

@Al2Klimov what about the “RestrictSUIDSGID=no”

without that the folder creation fails during setup

Bildschirmfoto 2026-05-06 um 13.22.16
Bildschirmfoto 2026-05-06 um 13.22.162410×898 287 KB

5

Strange…

Test

  1. Setup Ubuntu 26.04
  2. Add repo Index of /ubuntu
  3. apt install icingaweb2 mariadb-server
  4. Walk through setup wizard
  5. Log in – works

At least fresh installations work.

6

but icingadb-web needs to create the folder /etc/icingaweb2/modules/icingadb
and that fails

7

You’re right. We have integrated this in Icinga Web 2.13.0-3 now.

8

works like a charm with Icinga Web 2.13.0-3.
Thanks for adding this