1

am using the haproxy socat to get the sessions data to plot it in cacti, /var/run/socket-haproxy is owned by www-data (the user which cacti uses) but when I try to execute this command as www-data am getting permission denied, any help would be much appreciated.

sudo su - www-data echo show stat | socat unix-connect:/var/run/socket-haproxy stdio | grep inbound | cut -d, -f 5
2012/01/11 15:58:18 socat[5448] E connect(3, AF=1 "/var/run/socket-haproxy", 25): Permission denied
-su: Can't open echo
Mike
  • 22,310
  • 7
  • 56
  • 79
APZ
  • 954
  • 2
  • 12
  • 25

1 Answers1

2

So the issue is your pipes.. What you are doing is echoing show stat as the www-data user but running socat as your own user. Need to wrap it in quotes

Also your sudo is completely wrong to run a command as a user

For example

# sudo -u www-data id
uid=33(www-data) gid=33(www-data) groups=33(www-data)

You don't need the extra su in there since you are already root I assume anyway

If you are already root just use su. Something like this

su -c "echo show stat | socat unix-connect:/var/run/socket-haproxy stdio | grep inbound | cut -d, -f 5" www-data
Mike
  • 22,310
  • 7
  • 56
  • 79
  • It's worth noting, too, that the only command that need be run as `www-data` is `socat`; it might be better to do only that part "elevated" and do the string manipulation as the other user. – fission Jan 12 '12 at 03:22
  • am not logged in as root, cacti executes this command as www-data and thats when the permission is denied. This command works perfectly when I log in as root but thanks for you help I got it working with the following command: sudo su -c "echo show stat | socat unix-connect:/var/run/socket-haproxy stdio | grep inbound | cut -d, -f 5" www-data – APZ Jan 12 '12 at 08:59
  • I was able to get the desired output with the following command, thanks Mike for all the help. sudo su -c "echo show stat | socat unix-connect:/var/run/socket-haproxy stdio | grep inbound | cut -d, -f 5" www-data – APZ Jan 12 '12 at 09:00