[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: monitoring FIFOs permissions

From: Martin Pala
Subject: Re: monitoring FIFOs permissions
Date: Mon, 26 Dec 2005 22:39:12 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.12) Gecko/20051007 Debian/1.7.12-1

Jan-Henrik Haukeland wrote:

On 26. des. 2005, at 00.16, Martin Pala wrote:

Example syntax:

  check fifo qmgr-fifo with path /var/spool/postfix/public/qmgr
    if failed permission 622 then alert
    if failed uid postfix then alert
    if failed gid postdrop then alert

If developers will agree, i can add it to the cvs.

Hmm, my initial thought on this is that instead of creating a new specialized file check-service and "duplicate" code, another option is to, during parse-time, issue an error when if-checks that is not supported by the concrete file is used. Since there are many different files on Unix we may end up with lots of new specialized statements if we start. We already have three specialized statements for file; directory, device and file which should suffice IMHO. The end-functionality should be the same and we keep the name-space in the control file small.

I though about it this way:

Monit watch the monitored object type (in the case of file it checks whether it is regular file, etc.) In the case that the type changed, monit can handle the event. This is important since you need to check that for example the fifo was not replaced by regular file, the file with directory, etc. Because also some tests are specific for given object type (for example checksum make sense only for regular file) => you need to know the object type to support just relevant tests. In the case that we will reuse the 'check file' statement for fifo, we will need to add some option which will specify the expected object type and extend the parser so that it will check the syntax of 'check file' statement based on object type context. I think the standalone 'check fifo' is more simple in this case (the context is clearly given by service type and just related options/tests are naturaly supported). And last but not least ;) ... we already use different check statements for device, directory and file (FIFO is just another standalone type).

We already covered almost all basic types (stat system call - types):

check file:
 S_ISREG(m)  is it a regular file?

check directory:
 S_ISDIR(m)  directory?

check device:
 S_ISCHR(m)  character device?
 S_ISBLK(m)  block device?

check fifo (maybe?):
 S_ISFIFO(m) FIFO (named pipe)?

not implemented currently (and probably not needed):
 S_ISLNK(m)  symbolic link? (Not in POSIX.1-1996.)
 S_ISSOCK(m) socket? (Not in POSIX.1-1996.)

For these reasons, i think the new 'check fifo' is better then sharing the 'check file' statement.

What do you think?

Thanks :)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]