How limit external commands to no-admin users?

Balestra, Roberto Roberto.Balestra at getronics.com
Mon Mar 21 12:54:36 CET 2005
Previous message: R: How limit external commands to no-admin users?
Next message: editing the CGI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Yes that's right. But you can do so.
The owner of all your hosts/service is your user that you want be able to change status/comment/downtime...
Put in the variable into cgi.cfg file users that can watch your service.
In my example I forget "user *can't* write".
If I don't explain me, please write me in italian, my english is very bad (sorry, I'm studing)
Bye
	Roberto

> -----Original Message-----
> From: Marco Borsani [mailto:m.borsani at it.net]
> Sent: lunedì 21 marzo 2005 11.55
> To: Balestra, Roberto; nagios-users
> Subject: R: [Nagios-users] How limit external commands to no-admin
> users?
> 
> 
> No, nagios does not work in that way.
> 
> That "option is s a comma-delimited list of all usernames that
> have access to viewing the Nagios process information", also 
> the options
> "authorized_for_all_service_commands=...." and
> "authorized_for_all_host_commands=..." are not strong enought for me.
> 
> I need that only one user can schedul downtime, add comments, disable
> checks...and so on. Right now the users can do it on theirs 
> hosts/services.
> This could be very dangerous because permit to "ingenuous" 
> users to make
> modifications which can stop the monitoring/notification.
> 
> Marco
> 
> 
> 
> -}-----Messaggio originale-----
> -}Da: nagios-users-admin at lists.sourceforge.net
> -}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto 
> di Balestra,
> -}Roberto
> -}Inviato: lunedì 21 marzo 2005 11.08
> -}A: nagios-users
> -}Oggetto: RE: [Nagios-users] How limit external commands to no-admin
> -}users?
> -}
> -}
> -}Hi,
> -}you can limit who write in nagios.cmd using variable in cgi.cfg
> -}     authorized_for_system_information=user_can_write_nagios.cmd
> -}where "user_can_write_nagios.cmd" is the user you want.
> -}Bye
> -}	Roberto
> -}
> -}> -----Original Message-----
> -}> From: nagios-users-admin at lists.sourceforge.net
> -}> [mailto:nagios-users-admin at lists.sourceforge.net]On 
> Behalf Of Marco
> -}> Borsani
> -}> Sent: lunedì 21 marzo 2005 9.33
> -}> To: Ben Polson; nagios-users
> -}> Subject: R: [Nagios-users] How limit external commands to no-admin
> -}> users?
> -}>
> -}>
> -}> Nothing change...
> -}> I still can perform external commands
> -}>
> -}> Marco
> -}>
> -}> -}-----Messaggio originale-----
> -}> -}Da: nagios-users-admin at lists.sourceforge.net
> -}> -}[mailto:nagios-users-admin at lists.sourceforge.net]Per conto
> -}> di Ben Polson
> -}> -}Inviato: venerdi 18 marzo 2005 18.08
> -}> -}A: nagios-users
> -}> -}Oggetto: RE: [Nagios-users] How limit external commands 
> to no-admin
> -}> -}users?
> -}> -}
> -}> -}
> -}> -}Try:
> -}> -}
> -}> -}    <Directory /usr/local/nagios/var/rw>
> -}> -}        AllowOverride None
> -}> -}        Options None
> -}> -}        Order Allow,Deny
> -}> -}        Allow from 10.212.0.0/255.255.255.0
> -}> -}    </Directory>
> -}> -}
> -}> -}-Ben.
> -}> -}
> -}> -}
> -}> -}-----Original Message-----
> -}> -}From: nagios-users-admin at lists.sourceforge.net
> -}> -}[mailto:nagios-users-admin at lists.sourceforge.net]On 
> Behalf Of Marco
> -}> -}Borsani
> -}> -}Sent: Friday, March 18, 2005 8:37 AM
> -}> -}To: nagios-users
> -}> -}Subject: R: [Nagios-users] How limit external commands 
> to no-admin
> -}> -}users?
> -}> -}
> -}> -}
> -}> -}I try to limit all users connected from a specific 
> network, with the
> -}> -}followinf lines inside the httpd.conf, but nothing happen!
> -}> -}
> -}> -}    <Directory /usr/local/nagios/var/rw>
> -}> -}        AllowOverride None
> -}> -}        Options None
> -}> -}        Order Deny,Allow
> -}> -}        Deny from all
> -}> -}        Allow from 10.212.0.0/255.255.255.0
> -}> -}    </Directory>
> -}> -}
> -}> -}Why these lines have not impact on my environment?
> -}> -}
> -}> -}Marco
> -}> -}
> -}> -}-}-----Messaggio originale-----
> -}> -}-}Da: nagios-users-admin at lists.sourceforge.net
> -}> -}-}[mailto:nagios-users-admin at lists.sourceforge.net]Per
> -}> conto di Marco
> -}> -}-}Borsani
> -}> -}-}Inviato: giovedi 17 marzo 2005 11.33
> -}> -}-}A: nagios-users
> -}> -}-}Oggetto: [Nagios-users] How limit external commands to
> -}> no-admin users?
> -}> -}-}
> -}> -}-}
> -}> -}-}
> -}> -}-}Hi all
> -}> -}-}
> -}> -}-}My environment is quite complex, specially regarding
> -}> security policies.
> -}> -}-}
> -}> -}-}I would use external commands via CGI interface, but I can not
> -}> -}-}permit to ALL
> -}> -}-}nagios users.
> -}> -}-}
> -}> -}-}My httpd have been started from www (unix user); putting this
> -}> -}user in the
> -}> -}-}nagios group I permit to write the nagios.cmd file to 
> everyone !
> -}> -}-}
> -}> -}-}I need to limit this "write access" only to a unix/apache
> -}> user only.
> -}> -}-}
> -}> -}-}Is it possible? How?
> -}> -}-}
> -}> -}-}I try to modify httpd.conf file, but .... I do not know how !
> -}> -}-}
> -}> -}-}Thanks
> -}> -}-}Marco
> -}> -}-}
> -}> -}-}
> -}> -}-}
> -}> -}-}-------------------------------------------------------
> -}> -}-}SF email is sponsored by - The IT Product Guide
> -}> -}-}Read honest & candid reviews on hundreds of IT Products
> -}> from real users.
> -}> -}-}Discover which products truly live up to the hype. Start
> -}> reading now.
> -}> -}-}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> -}> -}-}_______________________________________________
> -}> -}-}Nagios-users mailing list
> -}> -}-}Nagios-users at lists.sourceforge.net
> -}> -}-}https://lists.sourceforge.net/lists/listinfo/nagios-users
> -}> -}-}::: Please include Nagios version, plugin version (-v) and OS
> -}> -}-}when reporting any issue.
> -}> -}-}::: Messages without supporting info will risk being sent
> -}> to /dev/null
> -}> -}
> -}> -}
> -}> -}
> -}> -}-------------------------------------------------------
> -}> -}SF email is sponsored by - The IT Product Guide
> -}> -}Read honest & candid reviews on hundreds of IT Products
> -}> from real users.
> -}> -}Discover which products truly live up to the hype. Start
> -}> reading now.
> -}> -}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> -}> -}_______________________________________________
> -}> -}Nagios-users mailing list
> -}> -}Nagios-users at lists.sourceforge.net
> -}> -}https://lists.sourceforge.net/lists/listinfo/nagios-users
> -}> -}::: Please include Nagios version, plugin version (-v) and OS
> -}> -}when reporting
> -}> -}any issue.
> -}> -}::: Messages without supporting info will risk being sent
> -}> to /dev/null
> -}> -}
> -}> -}
> -}> -}
> -}> -}
> -}> -}
> -}> -}-------------------------------------------------------
> -}> -}SF email is sponsored by - The IT Product Guide
> -}> -}Read honest & candid reviews on hundreds of IT Products
> -}> from real users.
> -}> -}Discover which products truly live up to the hype. Start
> -}> reading now.
> -}> -}http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> -}> -}_______________________________________________
> -}> -}Nagios-users mailing list
> -}> -}Nagios-users at lists.sourceforge.net
> -}> -}https://lists.sourceforge.net/lists/listinfo/nagios-users
> -}> -}::: Please include Nagios version, plugin version (-v) and OS
> -}> -}when reporting any issue.
> -}> -}::: Messages without supporting info will risk being sent
> -}> to /dev/null
> -}>
> -}>
> -}>
> -}> -------------------------------------------------------
> -}> SF email is sponsored by - The IT Product Guide
> -}> Read honest & candid reviews on hundreds of IT Products from
> -}> real users.
> -}> Discover which products truly live up to the hype. Start 
> reading now.
> -}> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> -}> _______________________________________________
> -}> Nagios-users mailing list
> -}> Nagios-users at lists.sourceforge.net
> -}> https://lists.sourceforge.net/lists/listinfo/nagios-users
> -}> ::: Please include Nagios version, plugin version (-v) and OS
> -}> when reporting any issue.
> -}> ::: Messages without supporting info will risk being sent 
> to /dev/null
> -}>
> -}
> -}
> -}-------------------------------------------------------
> -}SF email is sponsored by - The IT Product Guide
> -}Read honest & candid reviews on hundreds of IT Products 
> from real users.
> -}Discover which products truly live up to the hype. Start 
> reading now.
> -}http://ads.osdn.com/?ad_ide95&alloc_id396&op=ick
> -}_______________________________________________
> -}Nagios-users mailing list
> -}Nagios-users at lists.sourceforge.net
> -}https://lists.sourceforge.net/lists/listinfo/nagios-users
> -}::: Please include Nagios version, plugin version (-v) and OS
> -}when reporting any issue.
> -}::: Messages without supporting info will risk being sent 
> to /dev/null
> 
> 


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_ide95&alloc_id396&op=click
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null
Previous message: R: How limit external commands to no-admin users?
Next message: editing the CGI
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the Users mailing list