This how-to describes how to make NRPE execute scripts as another user, like root or backupadmin. This can be useful for plugins that control system services and similar.
It's not recommended to run check plugins or other scripts with NRPE as root - passing non-sanitized arguments to a script could result in arbitrary code execution with system level privileges.
Use the following guide with caution!
You will need the application sudo, root access to the system and basic UNIX knowledge. The commands below show you how to install sudo on RHEL and Debian-based Linux distributions:
We will start by checking which user the NRPE daemon runs as:
Run the sudo configuration tool visudo:
You might get prompted to select a text editor - select your editor of choice and continue.
Add the row below under "Defaults specification" to enable execution of sudo commands without a TTY:
Create a new row and add one of the following lines to enable password-less execution of specified command as root or another user:
Save and exit the text editor to close the visudo utility.
Listing sudo permissions
You can use the "sudo -l" command as the user running NRPE to list allowed commands.
This can help you debug issues - some characters needs to be escaped when used with sudo and similar
Open a NRPE commands configuration file (for example /etc/nrpe.d/custom.cfg) with your text editor of choice and prefix desired command with sudo:
Save and exit the text editor.
After restarting the NRPE daemon you should now be able to run scripts with NRPE as another user!