host/servicegroup commands

Sven Nierlein sven.nierlein at consol.de
Sat Jun 25 17:11:29 CEST 2011

Previous message: Host alias on retention data file
Next message: RFC/RFP Nagios command workers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

One of our customers found a bug in the nagios cgis. It's easy to reproduce:

1. create a new user
2. give him authorized_for_all_services and authorized_for_all_hosts in 
your cgi.cfg

The contact should now be able to see all hosts and services but should 
not be allowed to submit any commands.
However, if the contact submits hostgroup or servicegroup commands, they 
are accepted and executed.
The attached patch fixes that behavior.

Regards,
   Sven
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-host_servicegroup_auth_fix.patch
Type: text/x-patch
Size: 2946 bytes
Desc: not available
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20110625/550febb7/attachment.bin>
-------------- next part --------------
------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a 
definitive record of customers, application performance, security 
threats, fraudulent activity and more. Splunk takes this data and makes 
sense of it. Business sense. IT sense. Common sense.. 
http://p.sf.net/sfu/splunk-d2d-c1
-------------- next part --------------
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel

Previous message: Host alias on retention data file
Next message: RFC/RFP Nagios command workers
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list