Apache suExec and /usr/local/nagios/etc permissions
Syed Ali
syed at nec-labs.com
Thu Feb 20 19:02:53 CET 2003
Hello,
I am running Apache 1.3.20 on RedHat 7.2.
Apache runs under user 'apache'.
Nagios is running under user 'nagios'.
However, unless I do not give world readable permissions to
/usr/local/nagios/etc I cannot access the web interface for Nagios.
If I give world readable permission to /usr/local/nagios/etc, then users
on the system can view the SNMP RO community in the services.cfg or
checkcommands.cfg file.
So, how do I go about not allowing my users to be able to read the
/usr/local/nagios/etc directory?
I had disabled suExec on the httpd server for Cricket to run, but I am
willing to give up cricket and enable suEexec.
Reading the Apache suExec documentation, it looks like suExec works with
v2.0 of Apache and the virtual host directive, neither of which I am
using.
Also, it seems that suExec will work if you append the ~ but when I set
an alias as /~nagios /usr/local/nagios/share I get permission denied
reading ~nagios/etc/htpasswd file.
(Which means suExec is not working?)
Paste from httpd.conf:
ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin/
<Directory "/usr/local/nagios/sbin/">
AllowOverride AuthConfig
Options ExecCGI
Order allow,deny
Allow from all
</Directory>
Alias /nagios/ /usr/local/nagios/share/
<Directory "/usr/local/nagios/share/">
AllowOverride AuthConfig
Options None
Order allow,deny
Allow from all
</Directory>
I also tried:
Alias /~nagios/ /usr/local/nagios/share/
<Directory "/usr/local/nagios/share/">
AllowOverride AuthConfig
Options None
Order allow,deny
Allow from all
</Directory>
Thank you...
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20030220/a9d370cb/attachment.html>
More information about the Users
mailing list