Use sudo to run certain commands

Hi, I just wish to share this topic I recently faced: my custom plugin had to run a command which needed to be run as a specific user.

I’m running icinga2 on ubuntu and the daemon runs as user ‘nagios’.
I specifically needed to call /opt/zimbra/bin/zmprov as user ‘zimbra’ inside my custom plugin.
Running it as nagios user would fail.

Inside my plugin I use sudo this way:

sudo --user zimbra /opt/zimbra/bin/zmprov ...other options

I had to configure sudo on the zimbra host to give the nagios user permission to run this specific command as the zimbra user without requiring a password:

nano /etc/sudoers.d/04_nagios
nagios ALL=(zimbra)NOPASSWD: /opt/zimbra/bin/zmprov

Because the command ‘zmprov’ can do many things, I wish nagios to be able to call it only with certain options / sub-commands, i.e. getAccount, getIdentity.

I changed my sudo configuration, using an alias to list all commands the nagios user is allowed to run as the zimbra user:

cat /etc/sudoers.d/04_nagios
Cmnd_Alias MONITORING = /opt/zimbra/bin/zmprov getAccount, \
                        /opt/zimbra/bin/zmprov getidentity

nagios ALL=(zimbra)NOPASSWD: MONITORING

I hope this example may be useful for others.

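An added example, not part of the original post: a small Python check that reads a sudoers drop-in like the two versions above and reports NOPASSWD entries for nagios that list no arguments (sudo then accepts any arguments) or that use wildcards. The parser is simplified and only handles the constructs shown in the post; the function names and the embedded samples are constructed for illustration.

```python
import re

# Constructed samples: the two versions of /etc/sudoers.d/04_nagios from the post.
BROAD = "nagios ALL=(zimbra)NOPASSWD: /opt/zimbra/bin/zmprov\n"
NARROW = (
    "Cmnd_Alias MONITORING = /opt/zimbra/bin/zmprov getAccount, \\\n"
    "                        /opt/zimbra/bin/zmprov getidentity\n"
    "\n"
    "nagios ALL=(zimbra)NOPASSWD: MONITORING\n"
)

def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and comments."""
    joined = re.sub(r"\\\n", " ", text)
    lines = (line.strip() for line in joined.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def split_cmds(spec):
    """Split a command list on commas that are not backslash-escaped."""
    return [c.strip() for c in re.split(r"(?<!\\),", spec) if c.strip()]

def audit(text, user="nagios"):
    """Return (command, reason) pairs for risky NOPASSWD grants to `user`."""
    lines = logical_lines(text)
    aliases = {}
    for line in lines:  # first pass: collect Cmnd_Alias definitions
        m = re.match(r"Cmnd_Alias\s+(\w+)\s*=\s*(.+)", line)
        if m:
            aliases[m.group(1)] = split_cmds(m.group(2))
    spec = re.compile(rf"{re.escape(user)}\s+\S+?\s*=\s*(?:\([^)]*\))?\s*NOPASSWD:\s*(.+)")
    findings = []
    for line in lines:  # second pass: expand the user's NOPASSWD entries
        m = spec.match(line)
        if not m:
            continue
        for item in split_cmds(m.group(1)):
            for cmd in aliases.get(item, [item]):
                _path, _, args = cmd.partition(" ")
                if cmd == "ALL":
                    findings.append((cmd, "any command allowed"))
                elif not args.strip():
                    findings.append((cmd, "no arguments listed, so any are accepted"))
                elif re.search(r"[*?\[]", args):
                    findings.append((cmd, "wildcard in arguments"))
    return findings

if __name__ == "__main__":
    for name, sample in (("broad", BROAD), ("narrow", NARROW)):
        print(name, audit(sample))
```

On a real host, `visudo -cf /etc/sudoers.d/04_nagios` checks the file's syntax and `sudo -l -U nagios` lists what the rule actually grants.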