Closed masifpak closed 4 years ago
This is a problem with your sudoers file, not the handler. Add NOPASSWD
to your sudoers file, and you should be fine. Something like this, if you're cool with the sensu
account impersonating anyone.
sensu ALL = (ALL) NOPASSWD:ALL
EDIT: Also this.
Defaults:sensu !requiretty
/me grimaces.
While that works, I don't know that it would be considered best practice. #12 and #13 discuss adding a note to add the sensu
to sudoers, but in reality, that usage in sudoers should be scoped to the commands that the sensu
user needs to run, and not just grant it unrestricted access. There's been an ongoing conversation about this sort of thing the Sensu community, and we'd love y'all's input on that conversation. I think there's also some room for us to be prescriptive in how we recommend setting up sensu
as part of sudoers.
My response was meant to illustrate NOPASSWD
and !requiretty
portions moreso than to recommend giving the sensu
account global admin access. It should be up to the administrator to understand the implications of granting sudo
access, and how to properly restrict it.
With the issue in #12 and #13 as a whole, I think that providing a recommendation to the scope of sudo
access that the sensu
user has should probably be considered a "loose" suggestion. Everyone is going to have different requirements for their remediation tasks, after all.
Ah! Gotcha. I completely agree that admins should understand the implications of what they do when they're copying examples. And yeah, our recommendations would definitely be loose ones.
That said, since this is really more of an issue with the system that @masifpak is using, I'll close this out and defer to your advice @seifer44 .
I am trying to start crond service using remediation handler but facing this issue.