Bug 273831 - net-mgmt/netdata: permission-related issues
Summary: net-mgmt/netdata: permission-related issues
Status: Open
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
URL: https://www.freshports.org/net-mgmt/n...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-15 18:46 UTC by Antti Rasinen
Modified: 2023-11-28 01:25 UTC (History)
2 users (show)

See Also:

Attachments
Collector.log (15.77 KB, text/plain)
2023-09-15 18:46 UTC, Antti Rasinen 		no flags Details
error.log (26.22 KB, text/plain)
2023-09-15 18:46 UTC, Antti Rasinen 		no flags Details
Run netdata as root (430 bytes, patch)
2023-09-15 19:01 UTC, Namkhai B. 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Antti Rasinen 2023-09-15 18:46:11 UTC 
Created attachment 244896 [details]
Collector.log

After updating to version 1.42.2, my custom collector stopped working. I checked the logs and found some permission issues in collector.log.

I completely removed netdata and reinstalled the package. Nevertheless, the errors keep persisting.

I've attached the error.log and collector.log. (I've omitted the start from error log that.)

For example, this happens:

ERROR: plugin[main] : error on loading '/usr/local/etc/netdata/python.d.conf' : PermissionError(13, 'Permission denied')

But the file exists.

-rw-r-----  1 netdata  netdata  1477 Sep 15 21:32 /usr/local/etc/netdata/python.d.conf


Likewise this exists.

-rw-r-----  1 netdata  netdata  2502 Sep 10 08:57 /usr/local/lib/netdata/conf.d/python.d/riakkv.conf
Comment 1 Antti Rasinen 2023-09-15 18:46:40 UTC 
Created attachment 244897 [details]
error.log
Comment 2 Namkhai B. 2023-09-15 19:01:52 UTC 
Created attachment 244898 [details]
Run netdata as root

This was probably introduced by the user changes made by netdata (they now expect to be run as root).

Can you try the attached patch to the init script?
If it works, I'll add it to the update to v1.42.3 at D41819
Comment 3 Antti Rasinen 2023-09-15 19:14:53 UTC 
Doesn't seem to work, still getting e.g. 

2023-09-15 22:10:11: python.d ERROR: plugin[main] : [smartd_log] error on loading '/usr/local/lib/netdata/conf.d/python.d/smartd_log.conf' : PermissionError(13, 'Permission denied')

# ls -l /usr/local/lib/netdata/conf.d/python.d/smartd_log.conf
-rw-r-----  1 netdata  netdata  2974 Sep 10 08:57 /usr/local/lib/netdata/conf.d/python.d/smartd_log.conf

Seems like the server processes are running as nobody:

USER     PID %CPU %MEM    VSZ    RSS TT  STAT STARTED    TIME COMMAND
nobody 38448  0.6  0.4 251528 140920  -  IN   22:10   0:03.84 /usr/local/sbin/netdata -P /var/db/netdata/netdata.pid
nobody 38449  0.0  0.0  26620  14536  -  IN   22:10   0:00.00 /usr/local/sbin/netdata --special-spawn-server
Comment 4 Namkhai B. 2023-09-15 19:16:06 UTC 
Did you restart netdata with the new init script?
Comment 5 Antti Rasinen 2023-09-15 19:20:14 UTC 
I did, twice now, still running as nobody
Comment 6 Antti Rasinen 2023-09-15 19:22:57 UTC 
I checked the configuration from localhost:19999/netdata.conf, it has the following interesting bit there:

[global]
        # run as user = nobody

Seems too much of coincidence to not be a coincidence...
Comment 7 Namkhai B. 2023-09-15 19:23:52 UTC 
(In reply to Antti Rasinen from comment #6)

Yes, just noticed that too. My netdata.conf already has run as user = netdata.
Try changing it and reverting the rc.d changes
Comment 8 Antti Rasinen 2023-09-15 19:30:58 UTC 
Alright! Looks much more promising, smartd collector is already collecting some data. I'll try my custom collector next and report
Comment 9 Namkhai B. 2023-09-15 19:32:49 UTC 
Allright, I'll make sure to update the default user in v1.42.3
Comment 10 Antti Rasinen 2023-09-15 19:45:04 UTC 
(In reply to Antti Rasinen from comment #8)

And the custom collector works too. Excellent. Thanks for the help.