snmpd can't read /var/lib/snmp/snmpd.conf

Bug #15084 reported by Shaw Terwilliger on 2005-04-07
Affects: net-snmp (Ubuntu)
Importance: Medium
Assigned to: Adam Conrad

Bug Description

The default package settings for snmpd have the daemon run as user "snmp"
by passing the -u flag to snmpd. However, snmpd seems to write out
/var/lib/snmp/snmpd.conf as root when it starts. /var/lib/snmp is
owned by root (mode 0700), and snmpd.conf is owned by root
(mode 0600). When snmpd is stopped, it writes this message to syslog
three times:

Apr 7 11:52:39 ike snmpd[2036]: read_config_store open failure on /var/lib/snmp/snmpd.conf

The effects of this bug seem minimal (I just ignore the syslog messages).
Some features of snmpd may fail if they require read/write access to this
file on shutdown.

One solution would be to make /var/lib/snmp owned by user snmp,
but this directory is part of at least three packages (libsnmp5, libsnmp-base,
and libsnmp4.2 on my system). Should I refile this bug there? I don't know
the policy details for decisions like this.

Shaw Terwilliger (sterwill) wrote :

My solution may not be so great after all. If /var/lib/snmp is owned by user snmp,
the warning messages go away, but that may only be because snmpd has nothing to
write to this file (but can access the directory anyway).

The file in it is still owned by root, mode 0600, so snmpd couldn't write to it
if it wanted.

Adam Conrad (adconrad) wrote :

If you chown the file to the snmp user as well, then snmpd can write to
it. It doesn't write much to it, mind you, it's just a persistent state
file, so that the snmp daemon can collect stats about how many times it's
been started.

Another workaround, if you don't much care about the engine knowing what
generation it is, is to add "export SNMP_PERSISTENT_FILE=/dev/null"
somewhere near the top of /etc/init.d/snmpd

Adam Conrad (adconrad) wrote :

This is resolved in breezy with version 5.1.2-6.1ubuntu1.
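
The two states discussed in this report (a root-owned 0700 directory, then a directory the daemon can enter but a root-owned 0600 file) can be told apart with a small check. This is an added example, not part of the bug report or of net-snmp; the function names are hypothetical, and it models only owner/group/other mode bits on the directory and the file.

```python
import os
import tempfile


def class_bits(st, uid, gids):
    """Return the rwx bits (0-7) of the permission class that applies to uid."""
    if uid == st.st_uid:
        return (st.st_mode >> 6) & 7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 7
    return st.st_mode & 7


def persistent_file_problems(path, uid, gids=()):
    """List why a process running as uid cannot read and rewrite path.

    Checks only the containing directory and the file itself; ancestors are
    assumed traversable. ACLs, capabilities and MAC policy are not modelled.
    Run it as a user that can stat() both, typically root.
    """
    if uid == 0:  # root bypasses mode bits
        return []
    directory = os.path.dirname(path) or "."
    dbits = class_bits(os.stat(directory), uid, gids)
    if not dbits & 1:
        # Without search permission the file cannot even be opened by name.
        return [f"{directory}: no search (x) permission"]
    problems = []
    if not dbits & 2:
        problems.append(f"{directory}: no write permission, file cannot be created or replaced")
    try:
        fbits = class_bits(os.stat(path), uid, gids)
    except FileNotFoundError:
        return problems
    if not fbits & 4:
        problems.append(f"{path}: not readable")
    if not fbits & 2:
        problems.append(f"{path}: not writable")
    return problems


if __name__ == "__main__":
    # Constructed stand-in for /var/lib/snmp (0700) holding snmpd.conf (0600).
    with tempfile.TemporaryDirectory() as d:
        conf = os.path.join(d, "snmpd.conf")
        open(conf, "w").close()
        os.chmod(conf, 0o600)
        os.chmod(d, 0o700)
        other = os.stat(d).st_uid + 1  # constructed uid that does not own the files
        print(persistent_file_problems(conf, other))
```

On a real host, pass the daemon's numeric uid and group ids (for example from `pwd.getpwnam`) together with the persistent file path.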
