pmp-check-mysql-file-privs

pmp-check-mysql-file-privs - Alert if MySQL data directory privileges are wrong.

SYNOPSIS

Usage: pmp-check-mysql-file-privs [OPTIONS]
Options:
  -c CRIT         Critical threshold; makes a privilege issue critical.
  --defaults-file FILE Only read mysql options from the given file.
                  Defaults to /etc/nagios/mysql.cnf if it exists.
  -g GROUP        The Unix group who should own the files; default mysql.
  -H HOST         MySQL hostname.
  -l USER         MySQL username.
  -L LOGIN-PATH   Use login-path to access MySQL (with MySQL client 5.6).
  -p PASS         MySQL password.
  -P PORT         MySQL port.
  -S SOCKET       MySQL socket file.
  -u USER         The Unix user who should own the files; default mysql.
  -w WARN         Warning threshold; ignored.
  --help          Print help and exit.
  --version       Print version and exit.
Options must be given as --option value, not --option=value or -Ovalue.
Use perldoc to read embedded documentation with more details.

DESCRIPTION

This Nagios plugin checks that the MySQL data directory and its contents are owned by the correct Unix user and group. If the ownership is incorrect, the server might fail because it lacks permission to modify its data. For example, suppose a system administrator enters a database directory and creates a file that is owned by root. Now a database administrator issues a DROP TABLE command, which fails because it is unable to remove the file, and thus the non-empty directory cannot be removed either.

The plugin accepts the -g and -u options to specify which Unix user and group should own the data directory and its contents. This is usually the user account under which MySQL runs, which is mysql by default on most systems. The plugin assumes that user and group by default, too.

The plugin accepts the -w and -c options for compatibility with standard Nagios plugin conventions, but they are not based on a threshold. Instead, the plugin raises a warning by default, and if the -c option is given, it raises an error instead, regardless of the option’s value.

By default, this plugin will attempt to detect all running instances of MySQL, and verify the data directory ownership for each one. It does this purely by examining the Unix process table with the ps tool. However, in some cases the process’s command line does not list the path to the data directory. If the tool fails to detect the MySQL server process, or if you wish to limit the check to a single instance in the event that there are multiple instances on a single server, then you can specify MySQL authentication options. This will cause the plugin to skip examining the Unix processlist, log into MySQL, and examine the datadir variable from SHOW VARIABLES to find the location of the data directory.

If the user running this plugin has no permission to examine the datadir, the plugin raises an UNKNOWN status with an explanation.

PRIVILEGES

This plugin executes the following commands against MySQL:

  • SELECT the MySQL system variables @@datadir and @@basedir.

This plugin executes the following UNIX commands that may need special privileges:

  • ps
  • find datadir

The plugin must be able either to get the variables from MySQL or to find the mysqld PID using the ps command.

On BSD, if the sysctl option security.bsd.see_other_uids is set to 0, ps will not return the mysqld PID when the plugin is run as a non-root user.

The user that runs the plugin must also be able to access the MySQL datadir files, so you may want to add it to the mysql Unix group, etc.
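
The ownership check described above, sketched as a shell function built on find. This is an added example, not the plugin's own code; the function name check_datadir_owner, its argument order and its status messages are assumptions made for illustration.

```shell
# Added illustration, not the plugin's source code.
# check_datadir_owner DATADIR USER GROUP [crit]
# Prints a status line and returns a Nagios exit code:
# 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
check_datadir_owner() {
    local datadir="$1" user="$2" group="$3" level="${4:-warn}"
    local errfile wrong count first

    if [ ! -d "$datadir" ]; then
        echo "UNKNOWN $datadir is not a directory"
        return 3
    fi
    errfile=$(mktemp) || return 3

    # Every entry, including the directory itself, whose owner or group
    # differs from the expected one. USER and GROUP may be names or numeric ids.
    wrong=$(find "$datadir" \( ! -user "$user" -o ! -group "$group" \) -print 2>"$errfile")

    # Anything on stderr (for example "Permission denied") means the tree was
    # not fully examined, so the result cannot be trusted: report UNKNOWN.
    if [ -s "$errfile" ]; then
        echo "UNKNOWN cannot examine $datadir: $(head -n 1 "$errfile")"
        rm -f "$errfile"
        return 3
    fi
    rm -f "$errfile"

    if [ -z "$wrong" ]; then
        echo "OK $datadir and its contents are owned by $user:$group"
        return 0
    fi

    count=$(printf '%s\n' "$wrong" | wc -l | tr -d ' ')
    first=$(printf '%s\n' "$wrong" | head -n 1)
    # No threshold: WARNING by default, CRITICAL when the caller asks for it,
    # mirroring how the page describes -w and -c.
    if [ "$level" = crit ]; then
        echo "CRIT $count entries not owned by $user:$group, first: $first"
        return 2
    fi
    echo "WARN $count entries not owned by $user:$group, first: $first"
    return 1
}
```

A root-owned file left inside a database directory, as in the DROP TABLE scenario in the DESCRIPTION, is the kind of entry this reports.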

VERSION

Percona Monitoring Plugins pmp-check-mysql-file-privs 1.1.4

© Copyright 2012, Percona Inc.
Except where otherwise noted, this documentation is licensed under the following license:
CC Attribution-ShareAlike 2.0 Generic
This documentation is developed in Launchpad as part of the Percona Monitoring Plugins source code.