I’ve got a simple python script I’m trying to call from the [[inputs.exec]] but I keep getting permission denied.
I’ve tried chowning the script as root:root, or telegraf:telegraf with chmod 777 but the error persists. I’ve moved the script into the /tmp directory, and error persists. I’ve also tried adding telegraf to the root group with no success.
There’s an example in the [[outputs.exec]] plugin in the github project.
[[outputs.exec]]
## Command to ingest metrics via stdin.
command = ["tee", "-a", "/dev/null"]
## Timeout for command to complete.
# timeout = "5s"
## Data format to output.
## Each data format has its own unique set of configuration options, read
## more about them here:
## https://github.com/influxdata/telegraf/blob/master/docs/DATA_FORMATS_OUTPUT.md
# data_format = "influx"
Just saw this thread here. I can confirm that I had the same or very similar issue. I configured the inputs.exec plugin for running some python scripts on my Raspberry Pi 4. Troubleshooting the issue caused me real headaches, but I finally found for my setup a resolution.
The issue was, that I created my Python scripts with my Raspberry Pi admin user (in my case called piadmin) in the specific home dir branch of that user. However, when starting telegraf via systemctl it reads its config from a file named /lib/systemd/system/telegraf.service. This file per default has a line “User=telegraf”. That means, that the telegraf service per default runs under user “telegraf”. User “telegraf”, however, has no permissions in the home dir branch of user piadmin. What I now did is changing the line in the telegraf.service file to “User=piadmin”. That forces the telegraf service to run under this user context, which obviously has sufficient permissions to access and execute the python scripts in the home dir branch of that user. After changing the file reload the systemctl config by executing “sudo systemctl daemon-reload” followed by “sudo systemctl restart telegraf”. If in doubt, reboot the whole machine.
One caveat though: I recently updated to telegraf version 1.30 and afterwards the telegraf.service file had again changed the line “User=piadmin” to “User=telegraf”, so I had to customize it again after updating telegraf to its newest version.
I somehow would like to get the opinion of telegraf engineers, if my resolution is the best way to solve such a permission issue or if there is a better “best practice”. E.g. you could think as well of providing the default telegraf user with sufficient permissions to the path of the python script files.