[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [monit] Patch: monit and Linux-PAM

From: Martin Pala
Subject: Re: [monit] Patch: monit and Linux-PAM
Date: Wed, 02 Apr 2008 21:19:12 +0200
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20080313 Iceape/1.1.9 (Debian-1.1.9-1)

Cool :)

We'll look on the patch and integrate.


Wilhelm Meier wrote:

here is a small patch for monit-4.10.1 to make monit Linux-PAM aware.

With this patch it is possible to setup monit to use the posix-group-membership to distinguish between user who
1)  can't see any information from the monit webserver
2) get a readonly view 3) can restart services, enable/disable monitoring, etc.

together with autorization via Linux-PAM.

Therefore one can define in the monitrc:
# to give users of posix-group 'group' readonly view
allow @group readonly
# to give users of posix-group 'service' full view
allow @service
Users who are not authenticated via pam don't see anything.

The patch is most usefull if the system where monit runs is setup with nss (name service switch) and PAM using a centralized user database. In most cases this would be LDAP. Group membership is resolved via nss and authorization is done via PAM-Service 'monit'. If one uses LDAP as centralized user-DB nss-ldap and pam-ldap are necessary components.



To unsubscribe:

reply via email to

[Prev in Thread] Current Thread [Next in Thread]