-1

I've installed and configured monit on a Debian server and opened the http service to localhost and gave rw permissions to the group "monit". I created this group and added myself to this group.

The monit daemon itself works perfectly, and I can control the daemon if I use sudo. This works, for example:

sudo monit stop <my-service>

But when I do this:

monit status

I get this error:

Cannot open the control file '/etc/monit/monitrc' -- Permission denied

The monitrc file is correctly set to 700, but it's owned by root. So naturally I can't open this file.

The next thing I tried was creating an empty .monitrc file in my home folder. In this case, monit is unable to locate the running monit daemon. I figured, maybe I should point monit to the ID file of the running monit instance, but this file (in /var/lib/monit/) is also set to 700.

So, how do I execute monit commands from a user in an allowed group? I don't want to send plaintext usernames/passwords; I would much prefer to rely on my Linux credentials.

Specifically, I'd like to restart a running process (monitored by monit) in a post-receive git hook as a quick and dirty means of doing continuous deployments to one of my non-critical development servers. I don't want to run this git hook with elevated privileges and also would prefer not to store any credentials on the disk, especially not in plain text. The server itself is running some AWS automation scripts which have some potential for abuse.

1 Answer

0

Just enter as root. Type:

sudo -s

This will enter the shell. When you see

yourname@yourhost:/path/~#

or similar, you can do

monit status

and all monit commands.

  • Sorry, my question was poorly worded. I want to do this from a script, not from an interactive session. Will fix. –  May 29 '16 at 14:37
  • I'd prefer not to add the user to the sudo group. The script will be triggered from a git hook. Essentially, I want to be able to control monit from a user set up to do that and only that: control monit. The monit daemon, then, will only be monitoring a select few processes (which are "owned" by this user). –  May 29 '16 at 16:07
  • You can put those commands into a bash script of course –  May 29 '16 at 14:39
  • In the sudo file (or best, in a new file in /etc/sudoer.d/git-hook) you can allow running only one command, and not all commands, as root. Look at the man page of sudo or /etc/sudoers to learn how to authorize only one command. This is more related to sudo configuration than monit. – DevOps Aug 02 '16 at 11:25
  • Have a look here for sudo help: http://unix.stackexchange.com/questions/18830/how-to-run-a-specific-program-as-root-without-a-password-prompt – DevOps Aug 02 '16 at 11:27
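
The single-command sudo rule suggested in the comments above, sketched as an added example that is not part of the original thread. The account name `deploy`, the service name `myapp`, the drop-in file name and the `/usr/bin/monit` path are assumptions; adjust them to the server.

```shell
#!/bin/sh
# Added example. Assumptions: monit lives at /usr/bin/monit; the account
# ("deploy") and service ("myapp") names used with it are placeholders.
MONIT_BIN=/usr/bin/monit

# Accept only plain names. Spaces, commas, wildcards or '=' would widen or
# break the sudoers rule; a leading '-' would be read by monit as an option;
# dots are excluded because sudo skips drop-in files whose name contains one.
valid_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print a rule letting user $1 run "monit restart $2" as root, and nothing else.
# sudo requires the arguments to match the rule exactly.
monit_sudoers_rule() {
    valid_name "$1" && valid_name "$2" || return 1
    printf '%s ALL=(root) NOPASSWD: %s restart %s\n' "$1" "$MONIT_BIN" "$2"
}

# Run as root: syntax-check the rule with visudo before installing it, so a
# malformed drop-in never reaches /etc/sudoers.d.
install_rule() {
    tmp=$(mktemp) || return 1
    if monit_sudoers_rule "$1" "$2" > "$tmp" && visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/monit-$1"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# Line to put in the post-receive hook. -n makes sudo fail instead of
# prompting if the rule is missing, so the hook never hangs on a password.
hook_command() {
    valid_name "$1" || return 1
    printf 'sudo -n %s restart %s\n' "$MONIT_BIN" "$1"
}
```

Run `install_rule deploy myapp` once as root; the hook account can then run the line printed by `hook_command myapp` without sudo group membership or stored credentials.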