2

我有一个用 Ruby 编写的特定脚本,需要 root 权限。大多数其他进程不需要它,因此很容易在 Monit 中设置。不是这个。

服务器需要监听386,这个端口只有root可以使用。我不会详细说明原因,因为 1) 我不是一个低级的人,2) 到目前为止,使用 sudo 时效果很好。

monit 配置文件很简单,如下所示:

set logfile syslog facility LOG_daemon # Default facility is LOG_USER
set mailserver smtp.sendgrid.net
        username "blah", password "blah"
        with timeout 20 seconds
set alert blah@bleh.com
set logfile /home/deploy/monit.log


check process ldapserver
     with pidfile /var/pids/ldap_server.pid
     start program = "/usr/local/bin/ruby /var/lib/ldap_server.rb"
     stop program = "/bin/sh"

注意:我把 /bin/sh 放在了停止程序中,因为这个进程没有停止程序。

如果我这样说:

start program = "/usr/local/bin/ruby /var/lib/ldap_server.rb"

它无法启动。没有提示。

start program = "/usr/bin/sudo -u deploy /usr/local/bin/ruby /var/lib/ldap_server.rb

也失败了。没有输出。

start program = "/bin/su deploy -c '/usr/local/bin/ruby /var/lib/ldap_server.rb'

启动失败。

我还尝试使用> ~/out.log 2 > &1捕获 stderr 和 stdout 重定向输出,但它似乎不起作用。

现在,我在 deploy 用户下启动 monit,这是受限制的。所以,我需要以某种方式以 root 身份运行 ldap 服务器,但事实证明这很难做到。

有人可以启发我吗?

干杯,

中号>

4

1 回答 1

6

Using sudo or su to run the script as the 'deploy' user won't help (as monit is already running as that user anyway, and it needs to run as root).

Also, sudo will by default prompt for a password, which monit won't be able to provide.

One way to solve this would be to create a file /usr/bin/startLDAPServer.sh and make it executable (chmod a+x /usr/bin/startLDAPServer.sh) with the following contents:

#!/bin/sh
/usr/local/bin/ruby /var/lib/ldap_server.rb

and then add this line to your /etc/sudoers file:

deploy ALL =NOPASSWD:/usr/bin/startLDAPServer.sh

You can then use:

start program = "/usr/bin/sudo /usr/bin/startLDAPServer.sh"

in monit.

于 2011-12-05T17:25:32.043 回答