This how-to describes how to make NRPE execute scripts as another user, like root or backupadmin. This can be useful for plugins that control system services and similar.
It's not recommended to run check plugins or other scripts with NRPE as root - passing non-sanitized arguments to a script could result in arbitrary code execution with system level privileges.
Use the following guide with caution!
You will need the application sudo, root access to the system and basic UNIX knowledge. The commands below show you how to install sudo on RHEL and Debian-based Linux distributions:
We will start by checking which user the NRPE daemon runs as:
Run the sudo configuration tool visudo:
You might get prompted to select a text editor - select your editor of choice and continue.
Add the row below under "Defaults specification" to enable execution of sudo commands without a TTY:
Create a new row and add one of the following lines to enable password-less execution of specified command as root or another user:
Save and exit the text editor to close the visudo utility.
Listing sudo permissions
You can use the "sudo -l" command as the user running NRPE to list allowed commands.
This can help you debug issues - some characters needs to be escaped when used with sudo and similar
Open a NRPE commands configuration file (for example /etc/nrpe.d/custom.cfg) with your text editor of choice and prefix desired command with sudo:
Save and exit the text editor.
After restarting the NRPE daemon you should now be able to run scripts with NRPE as another user!
OP5 Monitor: Open Source Network Monitoring
OP5 is the preferred Open Source Networking & Server Monitoring tool for large multi-national companies in over 60 markets. If you would like to experience OP5 Monitor you can get started here, alternatively, if you prefer to get more hands on you can Download OP5 Monitor for free.