2

I am writing a plugin for munin to monitor something on our Ubuntu Linux server (which is on Amazon EC2). The plugin requires running a programme /usr/sbin/rabbitmqctl via sudo.

I have the following line in /etc/sudoers:

munin ALL = NOPASSWD: /usr/sbin/rabbitmqctl list_queues

As you can see the munin user (which is the user that runs the script) is allowed execute the command /usr/sbin/rabbitmqctl list_queues via sudo without a password. I have confirmed this works by sudo -u munin -s and running it.

However in the munin logs (/var/log/munin/munin-node.log), I get lots of output for the plugin like this:

2013/06/28-11:35:26 [28107]     sudo: no tty present and no askpass program specified

And there is no data in the graph.

At the end of my /etc/sudoers file, I have this, which is commonly suggested as a solution:

Defaults    !requiretty

However it doesn't fix it. The common suggestion of "uncomment that line in /etc/sudoers" doens't work either because there isn't anything in that file.

Is there a way to allow my munin plugin to call something via sudo?

Update №1: The munin plugin is executed by munin-node on the server, that's run as the munin user, I can't change all of munin to run everything as root.

Amandasaurus
  • 31,471
  • 65
  • 192
  • 253
  • Have you tried explicitly setting `!requiretty munin`? the order of directives in the `sudoers` file does matter. Also check for include directives. – dawud Jun 28 '13 at 11:54
  • Is there a reason you don't just run the plugin as root? – EightBitTony Jun 28 '13 at 11:54
  • @dawud What order should I put it in? Is that just the line I should put in? – Amandasaurus Jun 28 '13 at 12:03
  • 3
    @EightBitTony everything that doesn't specifically need to be run as root shouldn't be run as root – dawud Jun 28 '13 at 12:07
  • 1
    Check if there is more than one `requiretty` directive in the `sudoers` file, causing overrides. – dawud Jun 28 '13 at 12:11
  • 1
    Munin already runs a bunch of plugins as root. I'm not suggesting running *all* of munin as root, but munin allows you to specify which user each plugin runs as. – EightBitTony Jun 28 '13 at 13:53

1 Answers1

2

This isn't an answer to your specific query, but it's a solution to your specific issue.

Rather than using sudo, do what other munin plugins do, override the user which runs the specific plugin to be root.

More information here.

You add a section like this,

[<plugin name>]
user <user>
group <group>

to munin-node in the plugin-conf.d directory (usually in /etc/munin).

Several of the munin plugins already run as root, so if you're prepared to run munin, this is already standard practice.

EightBitTony
  • 9,311
  • 1
  • 34
  • 46