On 12 Oct 2015, at 17:15, Rubén Pérez <address@hidden> wrote:
Hi,
I've discovered monit a few months ago and I am really delighted with it.
However, last week I've found a weird problem which, honestly, I do not know
how to solve.
I have some machines running Ubuntu 12.04, so the monit version is not the
latest. Monit should make sure that a certain program runs owned by a certain
unprivileged user. One of this program's plugins needs to access the serial
port, but I am constantly getting permission errors. If I run the program
directly with the same user, I do not get any errors. Let me explain how the
user and group permissions are:
• The serial port device is "/dev/ttyS0". Owner: root. Group: dialout.
Permissions 660. This is the standard configuration for the serial ports in Ubuntu
• The user main group is its own (for instance, user "sinho", group "sinho"), but
it belongs to the group "dialout" nevertheless.
Please find attached a monit configuration file ("test_python_monit") and a python program ("test.py") that I've used to
demonstrate the issue. I'm using "process" and not "program", because the monit version in 12.04 does not yet support a
"program" check with arguments. In order to run this in your computer, you should change "test_python_monit" to include the
actual path to the "test.py" file in your system, and your own user name.
All in all, the results I get with this test (which are the same as with the real
program) are like this. Using the attached configuration file and running "monit
validate":
'python' process is not running
'python' trying to restart
'python' start: /usr/bin/python
User: 1000
Group: 1000
Efective User: 1000
Efective Group: 1000
Serial port owner 0 can read, can write and cannot execute
Serial port group 20 can read, can write and cannot execute
Serial port others cannot read, cannot write and cannot execute
Can we read? No
Can we write? No
Can we execute? No
Running the "test.py" script directly, I get:
User: 1000
Group: 1000
Efective User: 1000
Efective Group: 1000
Serial port owner 0 can read, can write and cannot execute
Serial port group 20 can read, can write and cannot execute
Serial port others cannot read, cannot write and cannot execute
Can we read? Yes
Can we write? Yes
Can we execute? No
So I guess the issue is that, with monit, the additional groups are not taken
into account for some reason. But changing the group in the monit configuration
is not an option, because the program I am using does some kind of user
authorization using the group permissions.
Any idea of how this can be solved?
Thanks for your help
--
Rubén Pérez Vázquez
Universität zu Köln
Regionales Rechenzentrum (RRZK)
Weyertal 121, Raum 4.05
D-50931 Köln
✆: +49-221-470-89603
<test_python_monit.txt><test.py>--
To unsubscribe:
https://lists.nongnu.org/mailman/listinfo/monit-general