CGI authorizations

Andrew Cruse andrew at profitability.net
Fri Apr 15 22:50:09 CEST 2005

Previous message: CGI authorizations
Next message: Need help with code...
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

nagios-users-admin at lists.sourceforge.net wrote:
> On Fri, Apr 15, 2005 at 02:33:07PM -0500, Marc Powell wrote:
>> What are you trying to accomplish? Under normal circumstances you'd
>> just add them as a contact for the hostgroups that they're
>> responsible for. The authorization lines in cgi.cfg are generally
>> for the special exceptions.
> 
> NOC should be able to do commands for any host or any
> service, as well as the 'extended info' (they need to be able
> to view the event log).
> 
> The Support Center should be able to view all hosts and
> services, but not run commands.
> 
> All core Sysadmins should be able to view all and and run
> commands on any host regardless of whether we're the contact for it.
> 
> Then all other tech contacts only need access to their own hosts.

Here's how I've done it:

Define 3 contact groups:  NOC, Support, and Sysadmins, plus contact
groups for each of your "other tech contacts."
Create each of the users in each of the groups
Create an .htgroup file with two groups, one for "full access" and one
for "read-only."  You can call them anything, of course.  Then make your
.htaccess file look something like this:

AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
AuthGroupFile /usr/local/nagios/etc/htpasswd.groups
require valid-user
<Files cmd.cgi>
require group administrators
</Files>

Be sure that you put a copy of that in the nagios/share and nagios/sbin
directories.  The "administrators" group is the "full access" group you
defined in your .htgroup file.  This will allow your "full access"
people to run external commands, but will prevent your "read-only" users
from doing so.

Andrew



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: CGI authorizations
Next message: Need help with code...
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list