pmp-check-mysql-file-privs - Alert if MySQL data directory privileges are wrong.
Usage: pmp-check-mysql-file-privs [OPTIONS] Options: -c CRIT Critical threshold; makes a privilege issue critical. --defaults-file FILE Only read mysql options from the given file. Defaults to /etc/nagios/mysql.cnf if it exists. -g GROUP The Unix group who should own the files; default mysql. -H HOST MySQL hostname. -l USER MySQL username. -L LOGIN-PATH Use login-path to access MySQL (with MySQL client 5.6). -p PASS MySQL password. -P PORT MySQL port. -S SOCKET MySQL socket file. -u USER The Unix user who should own the files; default mysql. -w WARN Warning threshold; ignored. --help Print help and exit. --version Print version and exit. Options must be given as --option value, not --option=value or -Ovalue. Use perldoc to read embedded documentation with more details.
This Nagios plugin checks to make sure that the MySQL data directory, and its contents, is owned by the correct Unix user and group. If the ownership is incorrect, then the server might fail due to lack of permission to modify its data. For example, suppose a system administrator enters a database directory and creates a file that is owned by root. Now a database administrator issues a DROP TABLE command, which fails because it is unable to remove the file and thus the non-empty directory cannot be removed either.
The plugin accepts the -g and -u options to specify which Unix user and group should own the data directory and its contents. This is usually the user account under which MySQL runs, which is mysql by default on most systems. The plugin assumes that user and group by default, too.
The plugin accepts the -w and -c options for compatibility with standard Nagios plugin conventions, but they are not based on a threshold. Instead, the plugin raises a warning by default, and if the -c option is given, it raises an error instead, regardless of the option’s value.
By default, this plugin will attempt to detect all running instances of MySQL, and verify the data directory ownership for each one. It does this purely by examining the Unix process table with the ps tool. However, in some cases the process’s command line does not list the path to the data directory. If the tool fails to detect the MySQL server process, or if you wish to limit the check to a single instance in the event that there are multiple instances on a single server, then you can specify MySQL authentication options. This will cause the plugin to skip examining the Unix processlist, log into MySQL, and examine the datadir variable from SHOW VARIABLES to find the location of the data directory.
In case an user you are calling this plugin from has no permissions to examine the datadir the plugin raises an unknown with the explanation.
This plugin executes the following commands against MySQL:
This plugin executes the following UNIX commands that may need special privileges:
The plugin should be able to either get variables from MySQL or find mysqld PID using ps command.
On BSD, if sysctl option security.bsd.see_other_uids is set to 0, ps will not return mysqld PID if the plugin run from non-root user.
Also an user you run the plugin from should be able to access MySQL datadir files, so you may want to add it into mysql unix group etc.
Percona Monitoring Plugins pmp-check-mysql-file-privs 1.1.5