Running monit as a restricted user and making it watch a process that needs root privileges

Problem description

I have a specific script written in Ruby that needs root privileges. Most of the other processes don't need that and so were easy to setup in Monit. Not this one.

The server needs to listen at 386, and this port is only available for root. I won't get into the details of why, because 1) I'm not a low-level kind of guy, 2) It worked fine so far when using sudo.

The monit configuration file is simple and looks like this:

set logfile syslog facility LOG_daemon # Default facility is LOG_USER
set mailserver smtp.sendgrid.net
        username "blah", password "blah"
        with timeout 20 seconds
set alert blah@bleh.com
set logfile /home/deploy/monit.log


check process ldapserver
     with pidfile /var/pids/ldap_server.pid
     start program = "/usr/local/bin/ruby /var/lib/ldap_server.rb"
     stop program = "/bin/sh"

Note: I've put /bin/sh in the stop program because there's not a stop program for this process.

If I put it like this:

start program = "/usr/local/bin/ruby /var/lib/ldap_server.rb"

It fails to start. No hints.

start program = "/usr/bin/sudo -u deploy /usr/local/bin/ruby /var/lib/ldap_server.rb"

Fails as well. No output.

start program = "/bin/su deploy -c '/usr/local/bin/ruby /var/lib/ldap_server.rb'"

Fails to start.

I also tried redirecting the output using > ~/out.log 2>&1 to capture stderr and stdout but it doesn't seem to work.

Now, I'm starting monit under the deploy user, which is restricted. So, I'd need to somehow run the ldap server as root, but turns out it's quite hard to do.

Can someone tell me?

Cheers,

M>

Recommended answer

Using sudo or su to run the script as the 'deploy' user won't help (as monit is already running as that user anyway, and it needs to run as root).

Also, sudo will by default prompt for a password, which monit won't be able to provide.

One way to solve this would be to create a file /usr/bin/startLDAPServer.sh and make it executable (chmod a+x /usr/bin/startLDAPServer.sh) with the following contents:

#!/bin/sh
/usr/local/bin/ruby /var/lib/ldap_server.rb

and then add this line to your /etc/sudoers file:

deploy ALL = NOPASSWD: /usr/bin/startLDAPServer.sh

You can then use:

start program = "/usr/bin/sudo /usr/bin/startLDAPServer.sh"

in monit.
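
The sudoers rule above makes the wrapper, the ruby binary and /var/lib/ldap_server.rb all run as root on behalf of deploy, so none of them may be writable by that user. As an added example (not part of the original answer; the function names are hypothetical, and the trusted uid is a parameter that is 0 on a real host), this checks the owner and write bits of each file and of the directory holding it:

```shell
#!/bin/sh
# Added example. check_one / audit_sudo_target are hypothetical helper names.
# A path passes if it is owned by TRUSTED_UID (0 on a real host) and is not
# group- or world-writable; otherwise the unprivileged user could edit what
# sudo later runs as root.

check_one() {
    trusted_uid=$1; path=$2
    if [ ! -e "$path" ]; then
        echo "MISSING  $path"; return 1
    fi
    # ls -ldnL: follow symlinks, numeric ids. Field 1 = mode, field 3 = uid.
    set -- $(ls -ldnL -- "$path")
    mode=$1; uid=$3
    if [ "$uid" != "$trusted_uid" ]; then
        echo "OWNER    $path (uid $uid, expected $trusted_uid)"; return 1
    fi
    case $mode in
        ?????w*|????????w*)   # position 6 = group write, position 9 = other write
            echo "WRITABLE $path ($mode)"; return 1 ;;
    esac
    return 0
}

# audit_sudo_target TRUSTED_UID FILE...
# Checks every file and the directory holding it (a writable directory lets
# the file be replaced even when the file itself is read-only).
audit_sudo_target() {
    trusted_uid=$1; shift
    rc=0
    for target in "$@"; do
        check_one "$trusted_uid" "$target" || rc=1
        check_one "$trusted_uid" "$(dirname "$target")" || rc=1
    done
    return $rc
}

# On the host from this page (run as root):
#   audit_sudo_target 0 /usr/bin/startLDAPServer.sh \
#       /usr/local/bin/ruby /var/lib/ldap_server.rb
```

A non-zero exit status means at least one file in the chain can be changed by someone other than the trusted owner; each finding is printed with its reason.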
