Nagios check_mailq: is not executable by uid 0

If you receive this error then your plugin needs patching:

ERROR:  is not executable by (uid 0:gid(0 10 6 4 3 2 1 0))

The patch:

--- /usr/lib/nagios/plugins/check_mailq 2007-04-20 23:14:48.000000000 +0300
+++ check_mailq 2007-06-04 11:53:06.000000000 +0300
@@ -40,7 +40,7 @@
 sub print_usage ();
 sub process_arguments ();
 
-$ENV{'PATH'}='';
+$ENV{'PATH'}='/bin:/usr/bin';
 $ENV{'BASH_ENV'}='';
 $ENV{'ENV'}='';
 $PROGNAME = "check_mailq";
@@ -49,6 +49,9 @@
 $msg_p = 0 ;
 $state = $ERRORS{'UNKNOWN'};
 
+# 
+$utils::PATH_TO_QMAIL_QSTAT = "/var/qmail/bin/qmail-qstat";
+
 Getopt::Long::Configure('bundling');
 $status = process_arguments();
 if ($status){
@@ -63,7 +66,6 @@
 alarm($opt_t);
 
 # switch based on MTA
-
 if ($mailq eq "sendmail") {
 
        ## open mailq

20 comments ↓

#1 tictac on 03.31.09 at 8:00 pm

you can also make sure that symlinks for mailq are ok and recompile nagios plugins without patching them

#2 Greg on 05.01.09 at 5:38 pm

Sorry but can you be more explicite about what i need to do to make this qmail check work?
Thanks

#3 Vitalie Cherpec on 05.01.09 at 5:47 pm

In order to make it work, just modify your /usr/lib/nagios/plugins/check_mailq (green lines from the above patch).

check_mailq needs the following variables:
$ENV{’PATH’}
$utils::PATH_TO_QMAIL_QSTAT

#4 Greg on 05.01.09 at 8:04 pm

i see. i tried but now nagios says:
couldn’t match /var/qmail/bin/qmail-qstat output
maybe a user acces problem

#5 Vitalie Cherpec on 05.01.09 at 9:28 pm

What mail server are you using (this instructions are for Qmail) ?

Please, post your /var/qmail/bin/qmail-qstat output.

#6 Greg on 05.02.09 at 11:38 am

i’m using qmail and using npre. when doing it directly on server it’s fine but then i get this error when in nagios remotely connecting with npre

#7 Greg on 05.02.09 at 11:40 am

don’t know if this is what u wanted but this is the content of the file

# WARNING: This file was auto-generated. Do not edit!
cd /var/qmail
messdirs=`echo queue/mess/* | wc -w`
messfiles=`find queue/mess/* -print | wc -w`
tododirs=`echo queue/todo | wc -w`
todofiles=`find queue/todo -print | wc -w`
echo messages in queue: `expr $messfiles – $messdirs`
echo messages in queue but not yet preprocessed: `expr $todofiles – $tododirs`

#8 Vitalie Cherpec on 05.02.09 at 1:01 pm

I wanted to see the output of the script after you run it, but it’s fine, I’ve understood your problem from the comment :) .

It seems that you are executing the check_mailq script as nagios (non privileged) user. You need to run it with sudo:

# /etc/nagios/nrpe.cfg
[...]
command[check_mailq]=/usr/bin/sudo /usr/lib/nagios/plugins/check_mailq -M qmail -w 500 -c 1000 -t 7
[...]

#/etc/sudoers
# comment/remove the line with ‘Defaults requiretty’
#Defaults requiretty
[...]
nagios ALL=(ALL) NOPASSWD: /usr/lib/nagios/plugins/check_mailq
[...]

#9 Greg on 05.02.09 at 6:00 pm

Thanks. Now it works

#10 astro on 07.17.09 at 10:45 pm

Hi

Can you help me?, I am using exim and I am getting “ERROR: is not executable by (uid 0:gid(0 10 6 4 3 2 1 0))” I have did all these steps, but it do not works

#11 Vitalie Cherpec on 07.17.09 at 11:12 pm

The instructions from article are for Qmail, check the /usr/lib/nagios/plugins/check_mailq file for Exim/Sendmail settings.

#12 Alex on 08.14.09 at 10:29 am

Another example

In command.cfg (or whatever file you use for command definitions)
# ‘check_mailq’ command definition
# $USER1$ = /usr/local/nagios/libexec

define command{
command_name check_mailq
command_line /usr/local/bin/sudo $USER1$/check_mailq -w $ARG1$ -c $ARG2$ -M $ARG3$
}

In servers.cfg (or whatever file you use for service definitions)
define service{
use local-service
host_name
service_description MailQue
check_command check_mailq!200!300!qmail
}

In sudoers file
# User alias specification
User_Alias NAGIOS = nagios
# Cmnd alias specification
Cmnd_Alias NAGIOSCOMMANDS = /var/qmail/qmail-qstat, /usr/local/nagios/libexec/check_mailq
# Defaults specification
Defaults:NAGIOS !requiretty

# User privilege specification
root ALL=(ALL) ALL
NAGIOS ALL=(ALL) NOPASSWD: NAGIOSCOMMANDS

#13 wayne on 08.21.10 at 1:47 am

Thanks, it works for me. Just vi check_mailq and change green line according to the above instruction

#14 wayne on 08.21.10 at 2:19 am

I have problem with nrpe. It runs locally fine from command line with proper output. With nrpe, it gives me “Couldn’t match /var/qmail/bin/qmail-qstat output” with UNKNOWN status. I don’t know what was wrong.

#15 Vitalie Cherpec on 08.21.10 at 10:33 am

You need to execute plugin under with sudo:

http://www.cherpec.com/2008/08/nagios-check_mailq-is-not-executable-by-uid-0/#comment-173

#16 wayne on 08.22.10 at 9:30 am

I got different error this time after adding in sudoer.
[root@nagios-server]# /usr/lib/nagios/plugins/check_nrpe -H 10.0.0.2 -c check_qmail_queue
NRPE: Unable to read output

I run the command in monitored server under nagios account with sudo and i have no issue.
sh-3.1$ /usr/bin/sudo /usr/lib/nagios/plugins/check_mailq -c 500 -w 250 -M qmail
OK: mailq (23) is below threshold (250/500)|unsent=23;250;500;0

Any thoughts?

#17 Vitalie Cherpec on 08.22.10 at 11:22 am

Check connection from nagios server to your server on nrpe port (5666):

[vitalie@nagios ~]$ telnet server 5666
Trying 1.1.1.1…
Connected to server (1.1.1.1).
Escape character is ‘^]’.

Examine iptables rules, /etc/xinetd.d/nrpe and /etc/hosts.* files, you may have IP address restrictions there, check log files in /var/log/*.

#18 wayne on 08.22.10 at 2:59 pm

Thanks for prompt reply Vitalie, I have other nrpe check (load, user, disk, process) running without problem, only this qmail check give me the unable to read output.

#19 wayne on 08.25.10 at 4:45 pm

I found the problem. CentOS is using user nrpe and not nagios for nrpe daemon. After I add in nrpe in sudoer files everything works!
Thanks !!!!

#20 monjje on 03.23.11 at 7:01 pm

Hi.,.,….
I m getting this error.,.
ERROR: is not executable by (uid 0:gid 0)

Even if i m executing it from root.

on Ubuntu

Leave a Comment