Monit is an excellent monitoring and process management tool with a huge array of features in its custom syntax. One option is to run programs as a specific user, for example:
check process tomcat with pidfile /var/run/tomcat.pid
    start program = "/etc/init.d/tomcat start"
        as uid nobody and gid nobody
    stop program = "/etc/init.d/tomcat stop"
        # You can also use id numbers instead and write:
        as uid 99 and with gid 99
    if failed port 8080 then restart
I recently had trouble getting Monit to correctly change the UID and GID of an application. There were very few error messages available, but restarting it with the -v flag showed me ‘Failed to change UID’.
It took much guesswork to find the solution to this problem, which turned out to be that SELinux was enabled. Disabling SELinux in /etc/selinux/config solved it. I assume there could be some better way of configuring SELinux to handle Monit’s requests to change UID, but as this is an internal test system it doesn’t matter.
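An added example, not from the original post: a shell filter that pulls the SELinux denials relevant to this failure out of audit records, so the blocked operation is visible before deciding how to handle it. It assumes the denial is logged as an AVC record with comm="monit" and tclass=capability; the function names, the sample records and the monit_t context are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample audit records (not taken from a real system).
sample_audit_log() {
    cat <<'EOF'
type=AVC msg=audit(1700000000.101:201): avc:  denied  { setuid } for  pid=2101 comm="monit" capability=7  scontext=system_u:system_r:monit_t:s0 tcontext=system_u:system_r:monit_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1700000000.102:202): avc:  denied  { setgid } for  pid=2101 comm="monit" capability=6  scontext=system_u:system_r:monit_t:s0 tcontext=system_u:system_r:monit_t:s0 tclass=capability permissive=0
type=AVC msg=audit(1700000000.103:203): avc:  denied  { read } for  pid=2101 comm="monit" name="tomcat.pid" dev="tmpfs" ino=4242 scontext=system_u:system_r:monit_t:s0 tcontext=system_u:object_r:var_run_t:s0 tclass=file permissive=0
type=AVC msg=audit(1700000000.104:204): avc:  denied  { name_connect } for  pid=3300 comm="httpd" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket permissive=0
EOF
}

# Read audit records on stdin and print "<permission> <source context>"
# for every setuid/setgid capability denial attributed to monit.
monit_setid_denials() {
    awk '
    /type=AVC/ && /denied/ && /comm="monit"/ && /tclass=capability/ {
        # Isolate the permission list between the braces.
        perms = $0
        sub(/^.*[{] */, "", perms)
        sub(/ *[}].*$/, "", perms)

        # Pick out the source context field (the domain monit runs in).
        scon = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^scontext=/) scon = substr($i, 10)

        # One record can list several permissions; report the relevant ones.
        n = split(perms, p, " ")
        for (j = 1; j <= n; j++)
            if (p[j] == "setuid" || p[j] == "setgid")
                print p[j], scon
    }'
}

# Run against the constructed sample when executed directly.
sample_audit_log | monit_setid_denials
```

On a live system the same function can be fed from `ausearch -m avc -c monit` or from /var/log/audit/audit.log instead of the sample.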