[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Access Control Problem

From: Jan-Henrik Haukeland
Subject: Re: Access Control Problem
Date: Tue, 4 Feb 2014 22:57:02 +0100

On 04 Feb 2014, at 16:36, Udo Eckhardt <address@hidden> wrote:

> So I tried many different configurations and at last this:
>    allow localhost
>    allow
>    allow user:password

     allow user:password readonly
> This configuration met 2 of 3 requirements, because read-only seems not to be 
> possible. If I add the "readonly" parameter the user will be read-only, but 
> for whatever reason the CLI-commands won't work anymore - and return the 
> following error message:
> cannot read status from the monit daemon
> Do I miss something? Is it possible to configure Monit to met all of my 
> requirements?
> I would be very grateful if you could help me!

When you execute Monit commands from the command line, Monit will connect and 
authenticate with the Monit server using credentials specified with allow 
user:password. If the authenticated user is readonly it is not allowed to 
execute commands nor read status from the Monit server and you get this error 
message: "monit: cannot read status from the monit daemon”. To fix this, make 
sure that at least one 'allow user:password’ is _not_ readonly. 

A readonly user was primarily introduced so you can give some users access to 
the Monit web-pages, but need not fear that they mess-up by executing start or 
stop actions on services. The side-effect unfortunately is the above since 
Monit also speak HTTP with the Monit Deamon and use the HTTP interface to 
delegate execution of actions to the Monit server.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]