R: R: External Commands via CGI interface

[Marco Borsani]

Another related question...

Now all the users can perform external commands, but our policies do not
want to permit it.
I supposed that this could be possible only for users listed in cgi.cfg file
, in lines

# GLOBAL HOST/SERVICE COMMAND ACCESS
authorized_for_all_service_commands=nagiosadmin,marco
authorized_for_all_host_commands=nagiosadmin,marco

This is not true!

How can I implement these limits?

Thanks
Marco

-}-----Messaggio originale-----
-}Da: nagios-users-admin at lists.sourceforge.net
-}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto di Marco
-}Borsani
-}Inviato: mercoledi 16 marzo 2005 14.32
-}A: Peter J. Holzer; nagios-users
-}Oggetto: R: R: [Nagios-users] External Commands via CGI interface
-}
-}
-}Well
-}
-}I have readen the docs when I installed all my environment (2 years ago),
-}but I did not understand what you explain to me in your sentence "The CGI
-}script will always run as the same user as the web server".
-}Now I solve the problem.
-}Thanks
-}
-}Marco
-}
-}-}-----Messaggio originale-----
-}-}Da: nagios-users-admin at lists.sourceforge.net
-}-}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto di Peter J.
-}-}Holzer
-}-}Inviato: mercoledi 16 marzo 2005 10.35
-}-}A: nagios-users
-}-}Oggetto: Re: R: [Nagios-users] External Commands via CGI interface
-}-}
-}-}
-}-}On 2005-03-16 10:16:08 +0100, Marco Borsani wrote:
-}-}> I submit commands with "marco" user, that is inside of nagios group:
-}-}> # id marco
-}-}> uid=101(marco) gid=200(nagios) groups=20(users)
-}-}
-}-}Who is "I"? If you mean you authenticated as "marco" to the webserver,
-}-}this is completely irrelevant. The CGI script will always run as the
-}-}same user as the web server or - if your web server is using suexec or a
-}-}similar mechanism - as the user it is configured to run.
-}-}
-}-}Please:
-}-}
-}-}* Read the docs.
-}-}
-}-}* Read the archives of this list (that question is answered at least
-}-}  twice each month) and whatever else google shows.
-}-}
-}-}* Read the configuration of your webserver (If you don't understand your
-}-}  webserver configuration, read the docs of your webserver, too).
-}-}
-}-}> Moreover I add rx permissions to "other" for rw directory, but
-}-}this should
-}-}> be unusefull.
-}-}
-}-}I guess it would change the error message slightly.
-}-}
-}-}	hp
-}-}
-}-}--
-}-}   _  | Peter J. Holzer \Beta means "we're down to fixing
-}-}misspelled comments in
-}-}|_|_) | Sysadmin WSR     \the source, and you might run into a
-}-}memory leak if
-}-}| |   | hjp at wsr.ac.at     \you enable embedded haskell as a
-}-}loadable module and
-}-}__/   | http://www.hjp.at/ \write your plugins upside-down in
-}-}lisp". --ae at op5.se
-}-}
-}
-}
-}
-}-------------------------------------------------------
-}SF email is sponsored by - The IT Product Guide
-}Read honest & candid reviews on hundreds of IT Products from real users.
-}Discover which products truly live up to the hype. Start reading now.
-}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
-}_______________________________________________
-}Nagios-users mailing list
-}Nagios-users at lists.sourceforge.net
-}https://lists.sourceforge.net/lists/listinfo/nagios-users
-}::: Please include Nagios version, plugin version (-v) and OS
-}when reporting any issue.
-}::: Messages without supporting info will risk being sent to /dev/null



-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null