I found a simple solution that works without modifying the script. Basically, one needs at least a Unix system account that can “sudo” without a password (/etc/sudoers) on the remote system and an SSH key pair. Since it is possible to call “ssh” to open up a real terminal on the remote machine, it is quite easy to call a remote script that lies on the remote server. So in case you want to work around NRPE, maybe my approach helps you out:
ssh -t -i "/path/to/.ssh/nagios_id_rsa" nagios@database 'sudo /usr/lib64/nagios/plugins/pmp-check-mysql-file-privs -H localhost -l nagios -p XXX'
[Execute SSH with a real tty (-t) and use a certain identity file (-i), use the remote user name of the remote server to connect to (nagios@database) and on THAT system call “sudo”, which calls the plugin script with all arguments. Because we are already remote, “localhost” is interpreted on the remote system.]
Since I use an SSH key without a passphrase and since I allowed the system user “nagios” to “sudo” exactly that script without any password, this works without entering any password, so it can be used in a script automatically.
In the end I get this, for example:
WARN files with wrong ownership: /var/lib/mysql/test
Connection to database closed.
That last sentence comes from the SSH server and should be removed from the one liner script because we do not want that message in our monitoring. Of course, one should really add some error handling. Consider this a proof of concept. Maybe this information can be included in your documentation so that you can be more detailed when writing “Executing those scripts is possible with or without NRPE but NRPE is the preferred way.”
Thank you for this challenge - once again I learned something. All the best wishes
Ron
[topic can be closed]
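
The post above notes that the trailing "Connection to database closed." line should be removed and that error handling is still missing. The wrapper below is an added example, not part of the post or of the plugin's documentation, that does both and reports ssh failures as Nagios UNKNOWN. The key path, account and plugin command are the ones from the post; `SSH_BIN`, `clean_output`, `run_check` and the `run` argument are names assumed for this example.

```shell
#!/bin/sh
# Added example: Nagios-style wrapper for the ssh + sudo call from the post.
# Key path, remote account and plugin command are the values shown in the post.
# SSH_BIN and the "run" argument are hypothetical names used by this example.
SSH_BIN=${SSH_BIN:-ssh}
SSH_KEY=${SSH_KEY:-/path/to/.ssh/nagios_id_rsa}
REMOTE=${REMOTE:-nagios@database}
PLUGIN_CMD=${PLUGIN_CMD:-sudo /usr/lib64/nagios/plugins/pmp-check-mysql-file-privs -H localhost -l nagios -p XXX}

# Drop the carriage returns a tty (-t) adds and the ssh client's own notices,
# so only the plugin's status line reaches the monitoring system.
clean_output() {
    tr -d '\r' | sed -e '/^Connection to .* closed\.$/d' \
                     -e '/^Pseudo-terminal will not be allocated/d'
}

# Run the remote plugin and return a Nagios state:
# 0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.
run_check() {
    rc=0
    # BatchMode makes ssh fail instead of prompting if the key is rejected;
    # ConnectTimeout keeps an unreachable host from stalling the check.
    out=$("$SSH_BIN" -t -o BatchMode=yes -o ConnectTimeout=10 \
          -i "$SSH_KEY" "$REMOTE" "$PLUGIN_CMD" 2>&1) || rc=$?
    out=$(printf '%s\n' "$out" | clean_output)
    case $rc in
        0|1|2|3)
            # ssh passes the plugin's exit status through unchanged.
            if [ -z "$out" ]; then
                out="UNKNOWN no output from plugin on $REMOTE"; rc=3
            fi ;;
        255)
            # 255 is ssh's own failure code (connection, host key or auth).
            out="UNKNOWN ssh to $REMOTE failed: $out"; rc=3 ;;
        *)
            out="UNKNOWN unexpected exit code $rc: $out"; rc=3 ;;
    esac
    printf '%s\n' "$out"
    return "$rc"
}

# Execute the check only when called as "<script> run".
if [ "${1:-}" = "run" ]; then
    run_check
    exit $?
fi
```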