From: | Jason Heiss |
Subject: | read-only and command line access |
Date: | Fri, 26 Oct 2012 08:50:00 -0400 |
It appears that version 5.1 introduced the behavior that a read-only user can not access any information via the command line tool. Prior to 5.1 a read-only user could access "status" and "summary" data, all other commands would silently fail. The seemingly related change log entry for 5.1 doesn't make this sound like the intended change:

    * If Monit configuration allowed http interface access for a read-only user and it was specified as the first allow entry, Monit command line commands failed because it used the read-only account so commands like start, stop, etc. were rejected. Monit will now use full access regardless of allow option order. Thanks to Thorsten Kampe for report.

Would it be possible to restore the behavior that read-only users can get "status" and "summary" data via the command line tool, but nothing else?

Minimal monitrc for testing:

    set daemon 120
    set httpd port 28120 and
        use the address 127.0.0.1
        allow monit:monit read-only

With a 5.0.3 client against a 5.5 server:

    address@hidden:~/monit-5.0.3> ./monit -c monitrc summary
    The Monit daemon 5.5 uptime: 0m
    System 'sleet.local' Running
    address@hidden:~/monit-5.0.3> ./monit -c monitrc unmonitor all

(Note that the server logs a 403 error in this case, but the client doesn't say anything)

With a 5.1 or newer client against a 5.5 server:

    address@hidden:~/monit-5.1> ./monit -c monitrc summary
    monit: cannot read status from the monit daemon
    address@hidden:~/monit-5.1> ./monit -c monitrc unmonitor all
    monit: action failed -- You are <b>not</b> authorized to access <i>monit</i>. Either you supplied the wrong credentials (e.g. bad password), or your browser doesn't understand how to sup