I have several different application areas that need there own views with Nagios. Flexibility on whether a user can view or submit commands would be very helpful. Steve Nuffer PS. I have also submitted other posts on nagios-users on this particular subject. <div align=center> </div> <table width=100%> <tr valign=top> <td width=40%>"Marco Borsani" <m.borsani@it.net> 21-Mar-2005 10:05 AM <td width=59%> <table width=100%> <tr valign=top> <td> <div align=right>To</div> <td><nagios-devel@lists.sourceforge.net> <tr valign=top> <td> <div align=right>cc</div> <td><nuffers@tsainc.com> <tr valign=top> <td> <div align=right>Subject</div> <td>R: [Nagios-devel] External Commands</table> <table> <tr valign=top> <td> <td></table> </table> <tt>Probably Steve is talking about my post.... here it is . --------------------------------------------------------------------- I all My environment is quite complex, specially regarding security policies. I would use external commands via CGI interface, but I can not permit to ALL nagios users. My httpd have been started from www (unix user); putting this user in the nagios group I permit to write the nagios.cmd file to everyone ! I need to limit this "write access" only to one unix/apache user only. Is it possible? How? I try to modify httpd.conf file, but .... I do not know how ! Thanks Marco --------------------------------------------------------------------- I need that only one user can schedule downtime, add comments, disable checks...and so on. Right now the users can do it on theirs hosts/services. This could be very dangerous because permit to "ingenuous" users to make modifications which can stop the monitoring/notification. Marco -----Messaggio originale----- Da: nagios-devel-admin@lists.sourceforge.net [mailto:nagios-devel-admin@lists.sourceforge.net]Per conto di nuffers@tsainc.com Inviato: lunedi 21 marzo 2005 16.56 A: nagios-devel@lists.sourceforge.net Oggetto: [Nagios-devel] External Commands There has been discussion on the nagios-users board about external execution of commands. If you a need to provide a user with a read only (no ability to submit commands) view of Nagios, there currently isn't way that I have found. Example of this are: If you have a helpdesk and you only want them to be able to view services/hosts current status and not give external commands. An application administrator has their own services. There are other services such as disk space which are useful to them. They should only have view and not be able to issue commands. If you define a contact-group for a service, they can view and issue a command. If you define a contact-group for a host, they can view and issue commands to the host and all services If you use escalation, the contact group can view and issue commands to that object similar to above. What if the escalation portion was changed. If you are only identified as a contact through escalation, you will only have a view and not the ability to give commands? Not sure how much effort is involved but what do you think? Are there plans to support this in another method OR have I missed something. Help appreciated. Steve Nuffer Transaction Systems Architects, Inc. 330 S. 108th Ave. Omaha, NE 68154-2684 (402) 390-7938 Fax (402) 778-1413 nuffers@tsainc.com This e-mail message and any attachments may contain confidential, proprietary or non-public information. This information is intended solely for the designated recipient(s). If an addressing or transmission error has misdirected this e-mail, please notify the sender immediately and destroy this e-mail. Any review, dissemination, use or reliance upon this information by unintended recipients is prohibited. Any opinions expressed in this e-mail are those of the author personally. </tt>