Local check executed by custom user

CMK version: 2.1.0p15.cre
OS version: Windows Server 2019

Hello all,
im having an issue trying to execute the plugin under the /local directory by a custom user.
I’ve writed a custom plugin that extract info about DB/Log space, backup and status of Sybase. If i run the script under the sidadm user i got the correct output as described in this link. If i run the check_mk_agent.exe test i got the correct output (since the moment i’ve been executing it with sidadm user).
Looking through different forum, post, and documentation i’ve found out that the script is being executed by the NT System user, and this user doesnt have the right env variable and other DLL library to execute the isql command necessary to extract the info from the database.
So, i came up with two solution:

  • in the script implementing a “Run as” for the query (im still looking on how to do that);
  • execute the entire script as sidadm.

My question is: how i tell the agent to execute the plugin as sidadm or sybsid user ?
In the C:\ProgramData\checkmk\agent\check_mk.user.yml ive not found any commented line that permitted to specify a different user to execute local check, so ive figured out by myself :laughing:.

I came up with this post and ive tried to replicate the syntax shown, heres mine:

local:
    enabled: yes

    # max_wait: 60 # max timeout for every sync plugin. Agen will gather plugins data no more than max_wait time.
                   # this is useful to terminate badly written or hanging plugins   


    async_start: true # start plugins asynchronous, this is normal mode. 

    # patterns will be scanned up down, 
    # configuration is assigned to the first found file matching the pattern 
    execution:
        - pattern     : 'C:\ProgramData\checkmk\agent\local\check_sybase.ps1'   	# Plugin name. * and ? are allowed
          user	      : 'HOSTNAME\sybsid password'
          run         : yes             # execute this plugin.

In the pattern parameter ive tried both the punctual path and no filter "*.*".

The script is being executed, since i can see some service being created on checkmk (there are some check performed that doesnt require the DLL Library or the env variable setted)

Is there something wrong in my configuration ? Im missing something ?

1 Like

I had a similar issue with other plugin and I set the environment variables that I needed at the beggining of the script.

You can also let the checkmk Agent Service run in the context of the user you need.
To fetch all the other OS informations, you can configure the account as a local Administrator.

Thank you, for the quick response.
I’ve followed with success the advice of Andre.
From the service utility, running the agent as sidadm, made the plugin extract all the data.

Thank again,
Davide

2 Likes