Get data from tool requiring root access

I want to collect data from the tool hdsentinel, which requires root access. How do i run this utility as root from telegraf, which is run by the user telegraf?

the script is like this:
hdsentinel -solid | awk '{print "hdsentinel,disk=" $5 " health=" $3 ",temp="$2}' | grep -v "General"

running it as sudo -u telegraf gives an error 1.

how do i make it run correctly?

edit: i have edited sudoers with this, but did not help:
telegraf ALL=(ALL) NOPASSWD: /etc/telegraf/hdstats

That doesn’t run the command as root, it runs it as telegraf user which you would already get when telegraf runs the check.

Where is the binary hdsentinel located? Change the path in your suduers to use that instead of the config file

And use visudo to edit the config !

i know sudo -u telegraf does not run it as root. i am using that command to run it as telegraf, because that is how telegraf is running it.

i had an option with path ALL=(ALL) NOPASSWD: /usr/bin/hdsentinel as well, but running it as telegraf was still complaining about no root permissions

Maybe I misunderstood - are you wanting to run this check with telegraf as root (via sudo) or as telegraf user?

Can you post your telegraf config in a </> code block , sanitizing any sensitive bits.

i am trying to run the script as telegraf user to check it’s correctness. i understand telegraf is running it as telegraf user as well. basically i need the script to be run by the telegraf user as root

my config is quite simple:

  percpu = true
  totalcpu = true
  fielddrop = ["time_*"]

  # no configuration

  ignore_fs = ["tmpfs", "devtmpfs"]

  # no configuration

# Read metrics about memory usage
  # no configuration

# Get the number of processes and group them by status
  # no configuration

# Read metrics about swap memory usage
  # no configuration

# Read metrics about system load & uptime
  # no configuration

  # no configuration

# If no servers are specified, the plugin will query the local machine sensor stats
servers = [ "ipmiuser:ipmiuser@lanplus(" ]
path = "ipmitool"
privilege = "USER"
interval = "10m"
metric_version = 2

commands = ["/etc/telegraf/"]
timeout = "5s"
interval = "120m"
data_format = "influx"

  # The full HTTP or UDP URL for your InfluxDB instance.
  ## Multiple URLs can be specified for a single cluster, only ONE of the
  ## urls will be written to each interval.
  urls = [""]

   database = "hpserver"

  ## Timeout for HTTP messages.
 timeout = "5s"

Ok. Try this and see if it works- change your sudoers config to this :

To test:
#sudo su -u telegraf bash ( wrong, typo)
sudo -u telegraf bash
sudo /etc/telegraf/

If this part doesn’t work, it’s not going to work inside telegraf. If you get the output you expect then continue below.

Finally, change your telegraf config to this

the part

sudo /etc/telegraf/

is still asking for a password (which the telegraf user does not have).

not sure how relevant is this, but my default user is root (this is a proxmox server), so su does not make sense in this scenario i think. i used sudo -u telegraf bash to become telegraf what was successully confirmed by whoami

Ha. That was a typo by me - habit of typing sudo su … 30+ times a day :slight_smile: glad you understood my meaning anyway.

Strange, I’m not sure why you still cant run that script with sudo. Arch docs are pretty good, failing that, maybe ask on stackoverflow

the issue was with the general placement of data in the sudoers file. it seems in debian whatever is in the folder /etc/sudoers.d takes preference, so I had to add the NOPASSWD: declarations there. now it works as it should

1 Like

This topic was automatically closed 60 minutes after the last reply. New replies are no longer allowed.