[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Access Control Problem
From: |
Jan-Henrik Haukeland |
Subject: |
Re: Access Control Problem |
Date: |
Tue, 4 Feb 2014 22:57:02 +0100 |
On 04 Feb 2014, at 16:36, Udo Eckhardt <address@hidden> wrote:
> So I tried many different configurations and at last this:
> allow localhost
> allow 0.0.0.0/0.0.0.0
> allow user:password
allow user:password readonly
>
> This configuration met 2 of 3 requirements, because read-only seems not to be
> possible. If I add the "readonly" parameter the user will be read-only, but
> for whatever reason the CLI-commands won't work anymore - and return the
> following error message:
> cannot read status from the monit daemon
>
> Do I miss something? Is it possible to configure Monit to met all of my
> requirements?
> I would be very grateful if you could help me!
When you execute Monit commands from the command line, Monit will connect and
authenticate with the Monit server using credentials specified with allow
user:password. If the authenticated user is readonly it is not allowed to
execute commands nor read status from the Monit server and you get this error
message: "monit: cannot read status from the monit daemon”. To fix this, make
sure that at least one 'allow user:password’ is _not_ readonly.
A readonly user was primarily introduced so you can give some users access to
the Monit web-pages, but need not fear that they mess-up by executing start or
stop actions on services. The side-effect unfortunately is the above since
Monit also speak HTTP with the Monit Deamon and use the HTTP interface to
delegate execution of actions to the Monit server.