Exec Error in TICK Script

I get exec plugin error as below :

E! exec command failed: Output: : fork/exec /usr/local/bin: permission denied

when i try to run a shell script from Tick script.

Please find the alert node as below :

alert .log('/tmp/disk_alert_log.txt') .slack() .channel('#devops') .exec('/usr/local/bin','recoverDisk')

Any help would be really appreciated

Thanks,
Sunil

@Sunil_Jacob Have you tried to run the kapacitor process as root? You could also move your recoverDisk binary out of a protected folder into one thats readable/writable by the kapacitor user.

@jackzampolin recoverDisk binary is in /usr/local/bin folder with root access

So the error you are getting is a permission issue. Are you running the kapacitord process as root? It needs to be able to access the binary.

Yes kapacitor is running as root

-rwxr-xr-x 1 root root 7469854 Jan 23 23:23 kapacitor
-rwxr-xr-x 1 root root 23863689 Jan 23 23:23 kapacitord

recover_disk.sh is the actual script which is in my home directory and i have created a symlink for this script which is recoverDisk under /usr/local/bin so you can name it whatever you want or use it without the .sh extension.

Try

alert
.log('/tmp/disk_alert_log.txt')
.slack()
.channel('#devops')
.exec('/usr/local/bin/recoverDisk')

Sure will check now … will let you know

:frowning: tried but in vain, its not executing the script
below is in my home directory

-rwxr-xr-x 1 ec2-user ec2-user 376 Jun 7 17:01 recover_disk.sh

below is in /usr/local/bin

lrwxrwxrwx 1 root root 46 Jun 7 15:33 recoverDisk → /home/ec2-user/techgig/scripts/recover_disk.sh

Hmm thats peculiar. Have you tried executing the script itself, not the symlink?

I’ll just check now… Will let you know.

```[disk_alert_stream:alert4] 2017/06/07 19:24:40 E! exec command failed: Output: : fork/exec /home/ec2-user/techgig/scripts/recover_disk.sh: permission denied``

-rwxr-xr-x 1 ec2-user ec2-user 376 Jun 7 17:01 recover_disk.sh

alert .log('/tmp/disk_alert_log.txt') .slack() .channel('#devops') .exec('/home/ec2-user/techgig/scripts/recover_disk.sh')

What version of Kapacitor are you on? Also what OS. And can you supply a redacted version of the script you’re trying to run.

Script as below:
#!/bin/bash statusCode=$(postToSlack -u "https://hooks.slack.com/services/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" -c devops -b "Disk space freed." -t "Disk Space issue solved") echo $statusCode

Running on> Kapacitor v1.3.1
Running > RHEL Fedora

The script is in the directory /home/ec2-user/ and unless the kapacitor process is running as the ec2-user it will not have access to execute the script. The fact that the script is symlinked doesn’t change the permissions needed to read the /home/ec2-user/ directory. You will need to place the script in a directory the kapacitor user has access to read.

Thanks @nathaniel, makes sense… i shall do it

@nathaniel Am still stuck with this problem. I have found directors which kapacitor directories has read and execute access using the below command:
sudo find / -user kapacitor -group kapacitor -perm -u+rx
The output was as below:

/home/ec2-user/go

I moved the recover_disk.sh script to the above directory and tried to run Kapacitor script, but still i get the below error:

[disk_alert_stream:alert4] 2017/06/26 14:53:50 E! exec command failed: Output: : fork/exec /home/ec2-user/go/recover_disk.sh: permission denied

The permissions in for recover_disk.sh are as follows:

-rwxr-xr-x 1 kapacitor telegraf 336 Jun 26 13:47 recover_disk.sh

it would be really helpful for your advise.

What are the permissions on /home/ec2-user/go and /home/ec2-user my guess is that they are only readable by the ec2-user which means that kapacitor cannot read the file since it cannot read the directory above it.

An easy way to test this is to become the kapacitor user and try the action:

sudo -u kapacitor ls /home/ec2-user/go/recover_disk.sh

In general things under /home/{user} are only accessible to that user which in this case is not the kapacitor user.

1 Like

@nathaniel what are some directories that kapacitor would have access to? I am having a similar issue.