[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

read-only and command line access

From: Jason Heiss
Subject: read-only and command line access
Date: Fri, 26 Oct 2012 08:50:00 -0400

It appears that version 5.1 introduced the behavior that a read-only user can not access any information via the command line tool.  Prior to 5.1 a read-only user could access "status" and "summary" data, all other commands would silently fail.

The seemingly related change log entry for 5.1 doesn't make this sound like the intended change:

* If Monit configuration allowed http interface access for a read-only
  user and it was specified as the first allow entry, Monit command line
  commands failed because it used the read-only account so commands
  like start, stop, etc. were rejected. Monit will now use full access
  regardless of allow option order. Thanks to Thorsten Kampe for report.
Would it be possible to restore the behavior that read-only users can get "status" and "summary" data via the command line tool, but nothing else?

Minimal monitrc for testing:

set daemon 120
set httpd port 28120
  and use the address
  allow monit:monit read-only

With a 5.0.3 client against a 5.5 server:

address@hidden:~/monit-5.0.3> ./monit -c monitrc summary
The Monit daemon 5.5 uptime: 0m 

System 'sleet.local'                Running
address@hidden:~/monit-5.0.3> ./monit -c monitrc unmonitor all
(Note that the server logs a 403 error in this case, but the client doesn't say anything)

With a 5.1 or newer client against a 5.5 server:

address@hidden:~/monit-5.1> ./monit -c monitrc summary
monit: cannot read status from the monit daemon

address@hidden:~/monit-5.1> ./monit -c monitrc unmonitor all
monit: action failed -- You are <b>not</b> authorized to access <i>monit</i>. Either you supplied the wrong credentials (e.g. bad password), or your browser doesn't understand how to sup

reply via email to

[Prev in Thread] Current Thread [Next in Thread]