I've the following details to access in monitrc:
set httpd port 2812 and
use address localhost # only accept connection from localhost
allow 0.0.0.0/0.0.0.0
# allow admin:monit # require user 'admin' with password 'monit'
allow @mygroup
Somewhere inside the Monit's source file p.y there is code which checks monitrc with a comment saying:
/*
* Secure check the monitrc file. The run control file must have the
* same uid as the REAL uid of this process, it must have permissions
* no greater than 700 and it must not be a symbolic link.
*/
The message The control file '/etc/monit/monitrc' must be owned by you is generated by this check. To fix it you need to change either the monitrc file owner or the user which runs Monit daemon, so that they are the same.
This also follows from the Monit documentation:
To protect the security of your control file and passwords the control file must have read-write permissions no more than 0700 (u=xrw,g=,o=); Monit will complain and exit otherwise.
