Short tip: Nagios/Icinga error “DISK CRITICAL – /var/lib/pgsql/data is not accessible: Permission denied”

If you’re running a PostgreSQL database on a CentOS/RHEL system and moved the data directory to a dedicated partition the following error might occur if you want to monitor the filling level using the Nagios/Icinga plugin check_disk:

DISK CRITICAL - /var/lib/pgsql/data is not accessible: Permission denied

The reason for this issue is that the check_disk plugin is not allowed to move to the directory:

 ls -ld /var/lib/pgsql/data/
drwx------  13 postgres postgres 4096 Nov 13 23:49 /var/lib/pgsql/data/

Of course a solution is to grant the rights for other users using the chmod o+x command. But it is more senseful to use ACLs instead – this is the only way to make sure that only the nrpe user (and not all users) is allowed to access the directory.

First of all ACLs are enabled and the filesystem is re-mounted for using ACLs (if not already done):

# tune2fs -l /dev/mapper/... |grep "mount options"
Default mount options:
# tune2fs -o acl /dev/mapper/...
# mount -o remount,acl /path/...
# tune2fs -l /dev/mapper/... |grep "mount options"
Default mount options:    acl
# mount -v|grep path
/dev/mapper/... on /var/lib/pgsql/data type ext4 (rw,acl)

After that the execution bit for the directory /var/lib/pgsql is granted to the user nrpe:

# setfacl -m u:nrpe:x /var/lib/pgsql
# getfacl /var/lib/pgsql
getfacl: Removing leading '/' from absolute path names
# file: var/lib/pgsql
# owner: postgres
# group: postgres
user::rwx
user:nrpe:--x
group::---
mask::--x
other::---

All further checks are now serving the expected information:

DISK OK - free space: /var/lib/pgsql/data 951 MB (19% inode=99%):

Sharing is caring

Leave a Reply