This file is indexed.

/usr/bin/munin-check is in munin 2.0.25-2.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below.

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
#!/bin/bash
# -*- sh -*-
# Copyright (C) 2008 Matthias Schmitz
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License
# as published by the Free Software Foundation; version 2 dated June,
# 1991.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
#
# $Id$


####
# prints usage
function usage() {
    echo "Usage: munin-check [options]
Options:
   -h|--help		Show this help.
   -f|--fix-permissions Fix the permissions of the munin dirs and files.
   			Needs superuser rights.

Please don't use this script if you are using 'graph_strategy cgi'!
It doesn't care about the right permissions for www-data yet...
"
}

# Get options from the command line
TEMP=$(getopt -o fh --long fix-permissions,help -n 'munin-check' -- "$@")

if [[ $? -ne 0 ]]; then
    echo "Terminating..." >&2
    exit 1
fi

# Note the quotes around `$TEMP': they are essential!
eval set -- "$TEMP"

while :; do
    case "$1" in
	-h|--help) usage ; exit 0; shift ;;
	-f|--fix-permissions) PLEASE_FIXME="true" ;  shift ;;
	--) shift ; break ;;
	*) echo "Internal error!" ; exit 1 ;;
    esac
done

####
# sets owner to "munin"
function fix_owner() {
    fix_object=$1; shift
    fix_owner=$1; shift

    if [[ $(id -u) -eq 0 ]]; then
	# -R is wrong, in case we're not recursing, and if we are
	# recursing then fix_owner will be called again.  OK, that's
	# slower, but still more correct.
	chown $fix_owner $fix_object;
    else
	echo "Fixing the permissions needs superuser rights. You should run \"munin-check -f\" as root."
	exit 0;
    fi
}

####
# check if "munin" is owner, if PLEASE_FIXME set it calls fix_owner()

function owner_ok() {
    object=$1; shift || exit 1
    correctowner=$1; shift || exit 1

    owner=$(ls -ld $object | awk '{print $3}')
    if [[ "$owner" != "$correctowner" ]]; then
	echo "# $object : Wrong owner ($owner != $correctowner)";
	if [[ "$PLEASE_FIXME" == "true" ]]; then
	    fix_owner $object $correctowner
	fi
    fi

    if [[ -d $object ]]; then
	if [[ -n "$norec" ]]; then
	    # The $norec variable cuts off recursion
	    return 0
	fi

	case $object in
	    "lost+found") return 0;;
	esac

	# ... and then dive into it
	for subobject in $object/*; do
		owner_ok $subobject $correctowner
	done
    fi
}


function perm_ok(){
    object=$1; shift || exit 1
    correctperm=$1; shift || exit 1

    perm=$(perl -e 'printf "%o\n", 07777 & (stat $ARGV[0])[2]' $object)
    if [[ $perm -ne $correctperm ]]; then
	echo "# $object : Wrong permissions ($perm != $correctperm)";
	if [[ "$PLEASE_FIXME" == "true" ]]; then
	    chmod $correctperm $object
	fi
    fi

    if [[ -d $object ]]; then
	# check the owner of the dir ...

	if [[ -n "$norec" ]]; then
	    # The $norec variable cuts off recursion
	    return 0
	fi

	case $object in
	    "lost+found") return 0;;
	esac

	# ... and then dive into it
	for subobject in $object/*; do
	    perm_ok $subobject $correctperm
	done
    fi
}

####
# main

echo "check /var/cache/munin/www"
owner_ok /var/cache/munin/www munin

for dir in /var/lib/munin/*; do
    # Do not check the plugin-state directory
    case $dir in
	*/plugin-state)
	    continue;;
    esac
    echo "check $dir"
    owner_ok $dir munin
done

echo "check miscellaneous"
norec=yes owner_ok /var/log/munin munin

norec=yes owner_ok /var/lib/munin munin
norec=yes perm_ok /var/lib/munin 755

for dir in /var/lib/munin/datafile /var/lib/munin/limits /var/lib/munin/*.stats; do
    norec=yes owner_ok $dir munin
    norec=yes perm_ok $dir 644
done

norec=yes owner_ok /var/lib/munin-node/plugin-state nobody
norec=yes perm_ok /var/lib/munin-node/plugin-state 775

norec=yes perm_ok /etc/munin/plugin-conf.d 755

echo "Check done.  Please note that this script only checks most things,"
echo "not all things."
echo
echo "Please also note that this script may be buggy."
echo