monit-general

[monit] Patch: monit and Linux-PAM


From: Wilhelm Meier
Subject: [monit] Patch: monit and Linux-PAM
Date: Tue, 1 Apr 2008 21:18:04 +0200
User-agent: KMail/1.9.7

Hello,

Here is a small patch for monit-4.10.1 to make monit Linux-PAM aware.

With this patch it is possible to set up monit to use the 
posix-group-membership to distinguish between users who 

1) can't see any information from the monit webserver
2) get a readonly view 
3) can restart services, enable/disable monitoring, etc.

together with authorization via Linux-PAM.

Therefore one can define in the monitrc:
--
# to give users of posix-group 'group' readonly view
allow @group readonly 

# to give users of posix-group 'service' full view
allow @service
--
Users who are not authenticated via PAM don't see anything.

The patch is most useful if the system where monit runs is set up with 
nss (name service switch) and PAM using a centralized user database. 
In most cases this would be LDAP. Group membership is resolved via 
nss and authorization is done via PAM-Service 'monit'. If one uses 
LDAP as centralized user-DB, nss-ldap and pam-ldap are necessary 
components.

Enjoy,
-- 
Wilhelm

Attachment: monit-4.10.1-pam.patch
Description: Text Data

