Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
alokey2019-09-04 15:13:29
RAID
alokey, 2019-09-04 15:13:29

How to give access to the zabbix agent user to run commands?

There is an HP server with raid10 with installed proxmox.
It is necessary to configure disk array health monitoring via hpacucli.
An error occurred while running hpacucli as the zabbix user:

Error: You need to have administrator rights to continue.

Edited by sudoers. File contents:
#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults        env_reset
Defaults        mail_badpass
Defaults        secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL:ALL) ALL
zabbix ALL=(root) NOPASSWD: ALL

# Allow members of group sudo to execute any command
%sudo   ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "#include" directives:

#includedir /etc/sudoers.d

The sudo -lU zabbix command produces:
Matching Defaults entries for zabbix on lbox:
    env_reset, mail_badpass, secure_path=/usr/local/sbin\:/usr/local/bin\:/usr/sbin\:/usr/bin\:/sbin\:/bin

User zabbix may run the following commands on lbox:
    (root) NOPASSWD: ALL

But on behalf of zabbix again the same error.
No administrator rights.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
V
Vladimir, 2019-09-04
@MechanID

What you are doing is extremely unsafe, it is more correct to give permission to run from root only the necessary files, add something like this to the /etc/sudoers.d/zabbix file (example from raid monitoring and smart status)

Cmnd_Alias ZABBIX = \
        /opt/MegaRAID/MegaCli/MegaCli64,\
        /usr/sbin/smartctl

Defaults:zabbix !requiretty
zabbix  ALL=NOPASSWD: ZABBIX

Report
-
-=TuXaPb=-, 2020-01-09
@Storozh2005

After asking the Google search engine: "zabbix as run commands not out of root rights" (without quotes, of course), there was a link to one interesting topic on the unix.stackexchange.com website: https://unix.stackexchange.com/questions/234151/ho ... .
Look, it looks like there is a solution to your question.

Similar questions
E
Evgeniy Verlochev2021-04-27 11:59:23
Can you help give a second life to the old Raid? 2Reply
D
Dmitry2021-04-27 16:08:55
What happens if you put another disk in RAID 5 to replace the deceased one? 4Reply
P
Pomidoroff2021-05-03 22:22:35
Is it possible to create RAID 5 without losing old data? 2Reply
N
Nikname_non_name2019-11-07 17:02:49
What is an ASUD nVIDIA Raid controller and how to use it? 0Reply
R
Roman2015-07-05 16:04:27
Which RAID (and should I choose at all) for NVMe SSD? 3Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question