haproxy and socat sudo

I created a test user and want to limit this "test" user to run only the following command via visudo.

echo "show stat" | socat stdio /var/run/haproxy.sock

visudo

test    ALL=(root)NOPASSWD:/usr/bin/socat stdio /var/run/haproxy.sock

ls -lat /var/run/haproxy.sock

srwxr-xr-x 1 munin haproxy 0 May 22 22:32 /var/run/haproxy.sock

I ran the following command

test#sudo echo "show stat" | socat stdio /var/run/haproxy.sock

The error message

2013/05/22 23:13:14 socat[21289] E connect(3, AF=1 "/var/run/haproxy.sock", 23): Permission denied

May I know what was incorrectly configured in visudo


In your pipe, only echo is run with elevated privileges, I believe you need a sudo before socat.


The echo is running as root, but the socat isn't. Try this instead:

echo "show stat" | sudo socat stdio /var/run/haproxy.sock

You can define a normal (non-privileged) unix socket like:

    stats socket /var/run/haproxy/socket.sock mode 666