R: External Commands

Marco Borsani m.borsani at it.net
Mon Mar 21 17:05:46 CET 2005


Probably Steve is talking about my post.... here it is .

---------------------------------------------------------------------
I all
My environment is quite complex, specially regarding security policies.
I would use external commands via CGI interface, but I can not permit to ALL
nagios users.
My httpd have been started from www (unix user); putting this user in the
nagios group I permit to write the nagios.cmd file to everyone !
I need to limit this "write access" only to one unix/apache user only.
Is it possible? How?
I try to modify httpd.conf file, but .... I do not know how !
Thanks
Marco
---------------------------------------------------------------------

I need that only one user can schedule downtime, add comments, disable
checks...and so on. Right now the users can do it on theirs hosts/services.
This could be very dangerous because permit to "ingenuous" users to make
modifications which can stop the monitoring/notification.

Marco

-----Messaggio originale-----
Da: nagios-devel-admin at lists.sourceforge.net
[mailto:nagios-devel-admin at lists.sourceforge.net]Per conto di
nuffers at tsainc.com
Inviato: lunedi 21 marzo 2005 16.56
A: nagios-devel at lists.sourceforge.net
Oggetto: [Nagios-devel] External Commands



There has been discussion on the nagios-users board about external execution
of commands.  If you a need to provide a user with a read only (no ability
to submit commands) view of Nagios, there currently isn't way that I have
found.

Example of this are:

If you have a helpdesk and you only want them to be able to view
services/hosts current status and not give external commands.
An application administrator has their own services.  There are other
services such as disk space which are useful to them. They should only have
view and not be able to issue commands.

If you define a contact-group for a service, they can view and issue a
command.
If you define a contact-group for a host, they can view and issue commands
to the host and all services
If you use escalation, the contact group can view and issue commands to that
object similar to above.

What if the escalation portion was changed.  If you are only identified as a
contact through escalation, you will only have a view and not the ability to
give commands?  Not sure how much effort is involved but what do you think?
Are there plans to support this in another method  OR have I missed
something.

Help appreciated.

Steve Nuffer



Transaction Systems Architects, Inc.        330 S. 108th Ave.    Omaha, NE
68154-2684
 (402) 390-7938    Fax (402) 778-1413    nuffers at tsainc.com
This e-mail message and any attachments may contain confidential,
proprietary or non-public information.  This information is intended solely
for the designated recipient(s).  If an addressing or transmission error has
misdirected this e-mail, please notify the sender immediately and destroy
this e-mail.  Any review, dissemination, use or reliance upon this
information by unintended recipients is prohibited.  Any opinions expressed
in this e-mail are those of the author personally.



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click




More information about the Developers mailing list