Bug 269629 - net-mgmt/netdata: Netdata 1.38.0 complains about permissions using default config
Summary: net-mgmt/netdata: Netdata 1.38.0 complains about permissions using default co...
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: freebsd-ports-bugs (Nobody)
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2023-02-17 16:28 UTC by Daniel Engberg
Modified: 2023-04-22 11:44 UTC (History)
2 users (show)

See Also:
bugzilla: maintainer-feedback? (nk)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Daniel Engberg freebsd_committer freebsd_triage 2023-02-17 16:28:24 UTC 
It works but it would be nice if we could fix this message from occuring

apps.plugin[14552]: PROCFILE: Cannot open file '/usr/local/etc/netdata/apps_groups.conf'
apps.plugin[14552]: apps.plugin should either run as root (now running with uid 302, euid 302) or have special capabilities. Without these, apps.plugin cannot report disk I/O utilization of other processes. Your system does not support capabilities. To enable setuid to root run: sudo chown root:netdata /usr/local/libexec/netdata/plugins.d/apps.plugin; sudo chmod 4750 /usr/local/libexec/netdata/plugins.d/apps.plugin;
Comment 1 Daniel Engberg freebsd_committer freebsd_triage 2023-02-17 18:26:33 UTC 
For the sake of documentation, it also causes netdata to be very noisy

Feb 17 18:39:27 foobar apps.plugin[14552]: Cannot fetch process 82037 command line (command 'awk')
Feb 17 18:39:36 foobar apps.plugin[14552]: Cannot fetch process 82221 command line (command 'sh')
Feb 17 18:40:23 foobar apps.plugin[14552]: Cannot fetch process 83301 command line (command 'awk')
Feb 17 18:41:03 foobar apps.plugin[14552]: Cannot fetch process 88584 command line (command 'swapinfo')
Feb 17 18:41:03 foobar apps.plugin[14552]: Cannot fetch process 88586 command line (command 'sh')
Feb 17 18:43:34 foobar apps.plugin[14552]: Cannot fetch process 95040 command line (command 'awk')
Feb 17 18:43:49 foobar apps.plugin[14552]: Cannot fetch process 95376 command line (command 'awk')
Feb 17 18:44:03 foobar apps.plugin[14552]: Cannot fetch process 95668 command line (command 'awk')
Feb 17 18:44:28 foobar apps.plugin[14552]: Cannot fetch process 96293 command line (command 'awk')
Feb 17 18:44:59 foobar apps.plugin[14552]: Cannot fetch process 97055 command line (command 'awk')
Comment 2 Namkhai B. 2023-02-17 21:50:47 UTC 
Working on a fix and the update to v1.38.1.
Comment 3 Namkhai B. 2023-02-19 21:07:12 UTC 
Submitted a fix in review D38659. I do not have permissions to set the status to In Progress
Comment 4 Graham Perrin freebsd_committer freebsd_triage 2023-02-26 16:26:41 UTC 
Before finding this bug report, I followed the setuid-related hint in 
/var/log/messages to change the owner and mode of 
/usr/local/libexec/netdata/plugins.d/apps.plugin

<https://reviews.freebsd.org/P558$42>

Should I now revert the owner and mode, in readiness for a fix?
Comment 5 Daniel Engberg freebsd_committer freebsd_triage 2023-02-26 19:00:02 UTC 
Should be reset once you uninstall/reinstall the port so no need.
Comment 6 commit-hook freebsd_committer freebsd_triage 2023-03-06 22:22:17 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=b7a254191b1c5617cc9d5883e8b51cec2aff6320

commit b7a254191b1c5617cc9d5883e8b51cec2aff6320
Author:     Namkhai B <me@forkbomb9.ch>
AuthorDate: 2023-03-06 21:37:43 +0000
Commit:     Daniel Engberg <diizzy@FreeBSD.org>
CommitDate: 2023-03-06 22:21:24 +0000

    net-mgmt/netdata: Update to 1.38.1 and fix apps.plugin

    Add setuid bit to apps.plugin to fix execution

    Changelog: https://github.com/netdata/netdata/releases/tag/1.38.1

    PR:             269629
    Differential Revision:  https://reviews.freebsd.org/D38659

 net-mgmt/netdata/Makefile  |  8 +-------
 net-mgmt/netdata/distinfo  | 14 +++-----------
 net-mgmt/netdata/pkg-plist |  2 +-
 3 files changed, 5 insertions(+), 19 deletions(-)
Comment 7 Graham Perrin freebsd_committer freebsd_triage 2023-03-19 06:49:48 UTC 
(In reply to Daniel Engberg from comment #1)

The noise continues, for me. Should I open a new bug report?

root@mowa219-gjp4-8570p-freebsd:~ # zgrep netdata\ upgraded /var/log/messages.1.bz2
Mar 11 01:42:11 mowa219-gjp4-8570p-freebsd pkg[25408]: netdata upgraded: 1.38.0 -> 1.38.1 
root@mowa219-gjp4-8570p-freebsd:~ # zgrep apps.plugin /var/log/messages.0.bz2
Mar 11 16:02:08 mowa219-gjp4-8570p-freebsd apps.plugin[2790]: Cannot fetch process 80811 command line (command 'sysctl')
Mar 11 16:06:43 mowa219-gjp4-8570p-freebsd apps.plugin[2790]: Cannot fetch process 86407 command line (command 'sh')
…
Comment 8 Daniel Engberg freebsd_committer freebsd_triage 2023-03-19 08:12:07 UTC 
Not sure what exactly caused in my case but try to stop the current process, uninstall package, make sure that libexec/netdata/plugins.d/apps.plugin is removed and reinstall new version of port.
Comment 9 Graham Perrin freebsd_committer freebsd_triage 2023-03-19 14:55:17 UTC 
(In reply to Daniel Engberg from comment #8)

Thanks, I tried that already. 

Retry: 

----

root@mowa219-gjp4-8570p-freebsd:~ # date 
Sun Mar 19 14:20:14 GMT 2023
root@mowa219-gjp4-8570p-freebsd:~ # service netdata stop
Stopping netdata.
Waiting for PIDS: 15502 15503, 15502 15503, 15502 15503, 15502 15503, 15502 15503.
root@mowa219-gjp4-8570p-freebsd:~ # service netdata status
netdata is not running.
root@mowa219-gjp4-8570p-freebsd:~ # pkg delete --quiet --yes netdata
==> You should manually remove the "netdata" user. 
==> You should manually remove the "netdata" group 
You may need to manually remove /usr/local/etc/netdata/netdata.conf if it is no longer needed.
root@mowa219-gjp4-8570p-freebsd:~ # rm /usr/local/libexec/netdata/plugins.d/apps.plugin
rm: /usr/local/libexec/netdata/plugins.d/apps.plugin: No such file or directory
root@mowa219-gjp4-8570p-freebsd:~ # pkg install --quiet --yes netdata
===> Creating groups.
Using existing group 'netdata'.
===> Creating users
Using existing user 'netdata'.
===> Creating homedir(s)
=====
Message from netdata-1.38.1:

--
Quick start for local-only use:

1. sysrc netdata_enable="YES"
2. service netdata start
3. Go to http://localhost:19999/
4. <Optional> Connect to Netdata Cloud using the netdata-claim.sh script:
   https://learn.netdata.cloud/docs/agent/claim#claiming-script
root@mowa219-gjp4-8570p-freebsd:~ # ls -hln /usr/local/libexec/netdata/plugins.d/apps.plugin
-rwsr-x---  1 0  302   117K Mar 13 01:57 /usr/local/libexec/netdata/plugins.d/apps.plugin
root@mowa219-gjp4-8570p-freebsd:~ # date ; service netdata start
Sun Mar 19 14:23:37 GMT 2023
Starting netdata.
root@mowa219-gjp4-8570p-freebsd:~ # 

----


Then: 

----

% tail -f -n 0 /var/log/messages
Mar 19 14:23:39 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: PROCFILE: Cannot open file '/usr/local/etc/netdata/apps_groups.conf'
Mar 19 14:30:09 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 78634 command line (command 'python3.9')
Mar 19 14:35:51 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 80348 command line (command 'sh')
Mar 19 14:35:52 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 80958 command line (command 'sh')
Mar 19 14:35:59 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 81586 command line (command 'cat')
Mar 19 14:36:06 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 82186 command line (command 'sh')
Mar 19 14:36:06 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 82188 command line (command 'gsed')
Mar 19 14:40:14 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 82829 command line (command 'python3.9')
Mar 19 14:46:00 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 83745 command line (command 'python3.9')
Mar 19 14:46:00 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 83748 command line (command 'cc')
Mar 19 14:46:12 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 83978 command line (command 'c++')
Mar 19 14:46:14 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 84021 command line (command 'sccache')
Mar 19 14:47:51 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 84882 command line (command 'sysctl')
Mar 19 14:48:25 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: heartbeat clock: woke up 504757 microseconds later than expected (can be due to system load or the CLOCK_REALTIME set to the future).
Mar 19 14:50:01 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 85232 command line (command 'gfortran12')
Mar 19 14:50:03 mowa219-gjp4-8570p-freebsd apps.plugin[78013]: Cannot fetch process 85258 command line (command 'sh')
^C
%
Comment 10 Graham Perrin freebsd_committer freebsd_triage 2023-03-19 14:57:18 UTC 
root@mowa219-gjp4-8570p-freebsd:~ # cat /usr/local/etc/netdata/netdata.conf
# netdata configuration
#
# This file is a small subset of the full configuration which can be downloaded
# from http://localhost:19999/netdata.conf

# global netdata configuration

[global]
        history = 86400

[plugins]
        freebsd = yes

[web]
        respect do not track policy = yes
        disconnect idle clients after seconds = 3600
        bind to = 127.0.0.1
        web files owner = netdata
        web files group = netdata

[db]
        mode = dbengine
        storage tiers = 2
root@mowa219-gjp4-8570p-freebsd:~ #