bash - Running monit as a restricted user and making it watch a process that needs root privileges


I have a specific script written in Ruby that needs root privileges. Most of the other processes don't need that, so they were easy to set up in monit. Not this one.

The server needs to listen at 386, and this port is only available to root. I won't go into the details of why, because 1) I'm not a low-level kind of guy, and 2) it worked fine so far when using sudo.

The monit configuration file is simple and looks like this:

set logfile syslog facility log_daemon # default facility log_user
set mailserver smtp.sendgrid.net
        username "blah", password "blah"
        timeout 20 seconds
set alert blah@bleh.com
set logfile /home/deploy/monit.log

check process ldapserver
     pidfile /var/pids/ldap_server.pid
     start program = "/usr/local/bin/ruby /var/lib/ldap_server.rb"
     stop program = "/bin/sh"

Note: I've put /bin/sh in the stop program because there's no stop program for this process.

If I put this:

start program = "/usr/local/bin/ruby /var/lib/ldap_server.rb" 

It fails to start. No hints.

start program = "/usr/bin/sudo -u deploy /usr/local/bin/ruby /var/lib/ldap_server.rb"

Fails as well. No output.

start program = "/bin/su deploy -c '/usr/local/bin/ruby /var/lib/ldap_server.rb'"

Fails to start.

I tried redirecting output using > ~/out.log 2>&1 to capture stderr and stdout, but it doesn't seem to work.

Now, I'm starting monit under the deploy user, which is restricted. So, I'd need to somehow run the LDAP server as root, but it turns out it's quite hard to do.

Could someone enlighten me?

cheers,

m>

Using sudo or su to run the script as the 'deploy' user won't help (as monit is running as that user anyway, and it needs to run as root).

Also, sudo will by default prompt for a password, which monit won't be able to provide.

One way to solve this is to create a file /usr/bin/startldapserver.sh and make it executable (chmod a+x /usr/bin/startldapserver.sh) with the following contents:

#!/bin/sh
/usr/local/bin/ruby /var/lib/ldap_server.rb

And add this line to the /etc/sudoers file:

deploy ALL=NOPASSWD: /usr/bin/startldapserver.sh

Then you can use:

start program = "/usr/bin/sudo /usr/bin/startldapserver.sh" 

in monit.
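
An added check, not part of the original answer: the NOPASSWD rule above is only as safe as the wrapper script it names, so this shell function verifies that the script and its containing directory are owned by root and not writable by group or others. The function names and the optional owner-UID argument (there so the check can be tried without root) are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit a script that sudoers lets a restricted user run as root.
# If that user can modify the script, or replace it by writing to its
# directory, the NOPASSWD rule effectively gives them root.

# is_locked_down PATH OWNER_UID
# Succeeds only if PATH is owned by OWNER_UID and is not group/world-writable.
is_locked_down() {
    [ -n "$(find "$1" -prune -user "$2" ! -perm -020 ! -perm -002 -print 2>/dev/null)" ]
}

# audit_sudo_target SCRIPT [OWNER_UID]
# OWNER_UID defaults to 0 (root). Prints findings; returns 0 when the target
# passes every check, 1 otherwise.
audit_sudo_target() {
    target=$1
    owner=${2:-0}
    rc=0
    # A symlink could be re-pointed at another file, so reject it outright.
    if [ ! -f "$target" ] || [ -L "$target" ]; then
        echo "FAIL: $target is not a regular file (missing or a symlink)"
        return 1
    fi
    if ! is_locked_down "$target" "$owner"; then
        echo "FAIL: $target must be owned by uid $owner and not group/world-writable"
        rc=1
    fi
    # Write access to the directory allows renaming or replacing the script.
    dir=$(dirname "$target")
    if ! is_locked_down "$dir" "$owner"; then
        echo "FAIL: $dir lets another user replace $(basename "$target")"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $target"
    return "$rc"
}

# Usage on the host from the answer (run as root):
#   audit_sudo_target /usr/bin/startldapserver.sh
```

Only the script and its immediate directory are checked here; a full audit would walk every parent directory up to /. Edit /etc/sudoers itself with visudo so a syntax error cannot lock sudo out.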

