Short tip: Nagios/Icinga error "DISK CRITICAL - /var/lib/pgsql/data is not accessible: Permission denied"

If you're running a PostgreSQL database on a CentOS/RHEL system and moved the data directory to a dedicated partition the following error might occur if you want to monitor the filling level using the Nagios/Icinga plugin check_disk:

1DISK CRITICAL - /var/lib/pgsql/data is not accessible: Permission denied

The reason for this issue is that the check_disk plugin is not allowed to move to the directory:

1# ls -ld /var/lib/pgsql/data/
2drwx------ 13 postgres postgres 4096 Nov 13 23:49 /var/lib/pgsql/data/

Of course a solution is to grant the rights for other users using the chmod o+x command. But it is more senseful to use ACLs instead - this is the only way to make sure that only the nrpe user (and not all users) is allowed to access the directory.

First of all ACLs are enabled and the filesystem is re-mounted for using ACLs (if not already done):

1# tune2fs -l /dev/mapper/... |grep "mount options"
2Default mount options:
3# tune2fs -o acl /dev/mapper/...
4# mount -o remount,acl /path/...
5# tune2fs -l /dev/mapper/... |grep "mount options"
6Default mount options:    acl
7# mount -v|grep path
8/dev/mapper/... on /var/lib/pgsql/data type ext4 (rw,acl)

After that the execution bit for the directory /var/lib/pgsql is granted to the user nrpe:

 1# setfacl -m u:nrpe:x /var/lib/pgsql
 2# getfacl /var/lib/pgsql
 3getfacl: Removing leading '/' from absolute path names
 4# file: var/lib/pgsql
 5# owner: postgres
 6# group: postgres
 7user::rwx
 8user:nrpe:--x
 9group::---
10mask::--x
11other::---

All further checks are now serving the expected information:

1DISK OK - free space: /var/lib/pgsql/data 951 MB (19% inode=99%):