Cool :)

We'll look at the patch and integrate it.

Thanks,
Martin


Wilhelm Meier wrote:
Hello,

here is a small patch for monit-4.10.1 to make monit Linux-PAM aware.

With this patch it is possible to set up monit to use the posix-group-membership to distinguish between users who
1) can't see any information from the monit webserver
2) get a readonly view
3) can restart services, enable/disable monitoring, etc.

together with authorization via Linux-PAM.

Therefore one can define in the monitrc:
--
# to give users of posix-group 'group' readonly view
allow @group readonly
# to give users of posix-group 'service' full view
allow @service
--
Users who are not authenticated via pam don't see anything.

The patch is most useful if the system where monit runs is set up with nss (name service switch) and PAM using a centralized user database. In most cases this would be LDAP. Group membership is resolved via nss and authorization is done via PAM-Service 'monit'. If one uses LDAP as centralized user-DB nss-ldap and pam-ldap are necessary components.

Enjoy,


------------------------------------------------------------------------

--
To unsubscribe:
http://lists.nongnu.org/mailman/listinfo/monit-general
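
The access decision described in the message above, as an added example that is not part of the original post or of the monit patch. It assumes PAM authentication and NSS group resolution have already happened in the caller, that the most permissive matching rule wins when a user is in several listed groups, and that an unknown option after the group name drops the rule; all function and type names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

enum access { ACCESS_NONE, ACCESS_READONLY, ACCESS_FULL };

/* Constructed sample: the monitrc lines from the message above. */
static const char SAMPLE_RC[] =
    "# to give users of posix-group 'group' readonly view\n"
    "allow @group readonly\n"
    "# to give users of posix-group 'service' full view\n"
    "allow @service\n";

/* Parse "allow @group [readonly]" into group[64]; returns 0 for other lines.
 * An unrecognised option drops the rule instead of granting full access. */
static int parse_allow(const char *line, char *group, enum access *level)
{
    char name[64], opt[16];
    int n = sscanf(line, " allow @%63s %15s", name, opt);
    if (n < 1 || (n == 2 && strcmp(opt, "readonly") != 0)) return 0;
    strcpy(group, name);              /* name holds at most 63 chars + NUL */
    *level = (n == 2) ? ACCESS_READONLY : ACCESS_FULL;
    return 1;
}

/* pam_ok: outcome of PAM authentication, done by the caller (assumed).
 * groups: memberships as NSS resolved them; most permissive rule wins. */
enum access monit_access(const char *rc, int pam_ok,
                         const char *const groups[], size_t ngroups)
{
    enum access best = ACCESS_NONE, level;
    char line[256], group[64];
    if (!pam_ok) return ACCESS_NONE;  /* unauthenticated users see nothing */
    for (const char *p = rc; *p; ) {
        size_t len = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)len, p);
        p += len + (p[len] == '\n');
        if (!parse_allow(line, group, &level)) continue;
        for (size_t i = 0; i < ngroups; i++)
            if (strcmp(groups[i], group) == 0 && level > best)
                best = level;
    }
    return best;
}

int main(void)
{
    const char *const g[] = { "users", "group" };  /* constructed user */
    printf("access level: %d\n", monit_access(SAMPLE_RC, 1, g, 2));
}
```

In a real deployment the group list would come from NSS (for example `getgrouplist(3)`) and `pam_ok` from a PAM conversation against the 'monit' service.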

