allow a user to run specific monit action

Question

I have installed monit for many applications with the root user. One of the applications is started with a non-root user account.

Unfortunately, when I update my app, I also need to restart it. My update process uses the non-root user (I use capistrano to udpate my app)

Since Monit is checking this app and the update process is done with the non-root user. In order to restart the app, the non-root user kills the app and monit restarts it.

I would like to allow the non-root user to be allowed to only restart this specific app. This user shouldn't be aloud to run other monit related actions.

Is there a way to allow a user run a specific monit action, even if he is not the owner of the monitrc ?

If you want to allow a non-root user to execute privileged command, you can use `sudoers` file. — Khaled, Jan 21 '13 at 08:19

score 5 · Accepted Answer · answered Jan 21 '13 at 10:36

5

Add an entry to /etc/sudoers...

%non-root-group ALL=NOPASSWD:/usr/bin/monit

or

non-root-user ALL=NOPASSWD:/usr/bin/monit

or

non-root-user ALL=NOPASSWD:/usr/bin/monit reload # to give a specific Monit command.

answered Jan 21 '13 at 10:36

ewwhite

194,921
91
434
799

Is their a way to achieve this using monit config instead ? – Raphael Jan 22 '13 at 09:58
Finally granted my user this privilege, but I am still looking for a way to achieve this from a monit config point – Raphael Jan 27 '13 at 19:39

score 0 · Answer 2 · answered Nov 18 '21 at 12:49

0

According to https://mmonit.com/monit/documentation/monit.html#CONFIGURATION-EXAMPLES, you can use a configuration with

start program ...as uid "capistrano" and gid "users"

Maybe this does what you want?

answered Nov 18 '21 at 12:49

Werner Flamme

1

allow a user to run specific monit action

2 Answers2

Linked