/usr/lib64/python2.7/socket.py Permission Denied

I wrote a python test plugin /usr/lib64/nagios/plugins/check_test.py . The file content is below which tries to read a file from another server and does some checks as shown below


import re
import sys
import datetime
import paramiko
import select

client = paramiko.SSHClient()
sftp_client = client.open_sftp()
remote_file = sftp_client.open('/data/var/test.log')
//Some checks and sets errorFound as 0 or 1

if (errorFound):

I am able to run this /usr/lib64/nagios/plugins/check_test.py directly from my linux CentOs without any problem. But when I load this script as a service on icinga . I see a warning against the service and below error

Error Below:

22/Sep/2021 Traceback (most recent call last): File “/usr/lib64/nagios/plugins/check_test.py”, line 16, in client.connect(‘’) File “/usr/lib/python2.7/site-packages/paramiko/client.py”, line 305, in connect retry_on_signal(lambda: sock.connect(addr)) File “/usr/lib/python2.7/site-packages/paramiko/util.py”, line 269, in retry_on_signal return function() File “/usr/lib/python2.7/site-packages/paramiko/client.py”, line 305, in retry_on_signal(lambda: sock.connect(addr)) File “/usr/lib64/python2.7/socket.py”, line 224, in meth return getattr(self._sock,​name)(*args) socket.error: [Errno 13] Permission denied

I have set full permission for below files listed in error above but no luck

Anything I am missing here?

About Details:
Icinga Web 2 Version
Git commit
PHP Version
Git commit date

When you tested manually, did you use the icinga user? Can you post the output from sestatus?

SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31

I just execute the py script manually after I logged in with my username. I did not use icinga user

Also I executed
sudo setenforce 0 and now the the sestatus current mod is permissive. I get a new errr now on the service in icinga as shown below

22/Sep/2021 Traceback (most recent call last): File “/usr/lib64/nagios/plugins/check_test.py”, line 16, in client.connect(‘’) File “/usr/lib/python2.7/site-packages/paramiko/client.py”, line 380, in connect look_for_keys, gss_auth, gss_kex, gss_deleg_creds, gss_host) File “/usr/lib/python2.7/site-packages/paramiko/client.py”, line 622, in _auth raise SSHException(‘No authentication methods available’) paramiko.ssh_exception.SSHException: No authentication methods available

Try running the script with sudo -u icinga to check stuff that will be run by Icinga.
Also: Is the icinga2-selinux packages installed?

Also also: please use code tags to format code snippets, this makes them easier to read :slight_smile:

1 Like

Its working fine now for me I added icinga user ssh key to the remote server where I wanted to ssh and it works fine

1 Like