Monit: How to check a program executed by a specific user?

Question

I have been using monit/mmonit to monitor my system. One if its features is the check program syntax, which runs a program and validates its return value:

# Asserts that there are more than 40 users in the DEV DB.

check program more_than_40_users_in_dev_db 
    with path /home/ubuntu/servers-scripts/monitoring/more_than_40_users_in_dev_db.py
    with timeout 5 seconds
    every 2 cycles
    if status != 0 then alert

The problem is that the script should run as the user ubuntu, but monit runs it as root. I have tried the as uid ubuntu and gid ubuntu syntax, but it does not seem to work for the check program directive.

Is there a way to run this script as a specific user?

Heh, I wanna know what's in: `/home/ubuntu/servers-scripts/monitoring/more_than_40_users_in_dev_db.py` :) — ewwhite, Sep 22 '14 at 12:37
One of the most mundane scripts ever written by a human being. — Adam Matan, Sep 22 '14 at 13:28

score 0 · Answer 1 · answered Sep 04 '20 at 22:08

This was probably changed in the intervening few years, but you can now do this with the as uid abc and as gid abc syntax as long as monit is running as root (e.g. systemd service):

# You can also shorten to 'as gid user and uid user'; both formats work for me with v5.26.0
check program somescript with path /home/user/somescript.sh as gid user and as uid user
    if status != 0 then alert

Where somescript.sh is

#!/bin/bash

whoami > /home/user/whoami.out

Of course you can also use a different gid that user is part of (say sharing) and the resulting file will be created with ownership user:sharing and contain 'user'.

Monit: How to check a program executed by a specific user?

1 Answers1