named pipe in rpmbuild

Question

I need to set the permissions of a file in rpm as a named pipe.

We deploy configuration files with some fancy rpm magic (%postun, %triggerin and %triggerun are used to mpve aside old config files and restore the m if needed). As part of the configuration for an Icinga distributed setup, I want to change the permissions of a file as part of the rpm installation, but I cant find the value I need to provide to the ''%attr'' macro.

The flie is:

ll /var/spool/icinga/cmd/icinga.cmd
prw-rw-rw- 1 icinga icingacmd 84 Apr 28 13:40 /var/spool/icinga/cmd/icinga.cmd

EDIT:

The actual issue is I have icinga.cmd with permissions prw-rw---, but I need it to be prw-rw-rw-. The actual file is created by the icinga process with the above permissions. I tried to automate the chmod including a loop that checks if the mode and permissions of the FIFO are good, but there are a series of complications I did not foresee and I will drop the idea here

The property of being a named pipe is not a permissions attribute. Is the issue how to create the named pipe in the RPM or how to set the properties of the named pipe as part of the %files section? — Etan Reisner, Apr 28 '14 at 18:01
If I understood what you were asking, I'd think you are looking for `%attr(0666, icinga, icingacmd) /var/spool/icinga/cmd/icinga.cmd`? If not, then kindly ignore this comment. On the other hand, the app could potentially recreate the named file on startup and the permission could differ. — alvits, Apr 28 '14 at 19:49
The app recreates the named pipe only if it is not there. I am considering modifying the rpm for the nsca deamon to have it run with the icinga user. — Bruno9779, Apr 29 '14 at 11:26

score 1 · Accepted Answer · answered May 06 '14 at 14:48

You cannot change permissions of a file created/delete at runtime using a package. Therefore the group sticky (g+s 2755) bit was set, allowing the daemon to inherit the group of the parent directory. That way the command pipe is writable (0660) by the icingacmd group. If your application user (which normally is either icinga or apache for web applications) is in that group, you'll have no issues. For icinga and apache users, the rpms already take care (classic ui requires that for instance). The nsca package afaik runs as user nagios, which must be put into the icingacmd group (or you'll consider changing the user nsca running as, to icinga, or a different new one, which is in the icingacmd group).

In the end I found /etc/nagios/nsca.cfg an changed the user to icinga. That was all I needed to do. — Bruno9779, May 06 '14 at 14:55

named pipe in rpmbuild

1 Answers1