Hello, AFAIK, when a user is contact for a host or service she can issue any command she wants for that host/service. I would be glad to hear someone contradicting me :-) Cyrille <table width=100%> <tr valign=top> <td width=40%>"Luca Olivotto" <lolivotto@gmail.com> Envoyé par : nagios-users-bounces@lists.sourceforge.net 12/10/2007 10:36 <td width=59%> <table width=100%> <tr> <td> <div align=right>A</div> <td valign=top>nagios-users@lists.sourceforge.net <tr> <td> <div align=right>cc</div> <td valign=top> <tr> <td> <div align=right>Objet</div> <td valign=top>[Nagios-users] How to limit access to external command</table> <table> <tr valign=top> <td> <td></table> </table> <tt>Hi all, i have enabled the external command and all work fine. now i wanto to limit the execution of external commands trought web interface to only few users but i don't know how can i do. I have 2 "users": - web: this is the admin, it work great no problem with this user(is only an apache user) - LucaGmail : this is the user that access the nagios web interface and i want to limit, it can view only the service and host associated to it (this is good) and can execute external commands (this is not good); (LucaGmail is a "contact" for nagios and an apache user). How can i limit the execution of external command? below you can see some configuration of my installation: in cgi.cfg I set "use_authentication" to 1 default_user_name=nagiosadmin authorized_for_system_information=nagiosadmin,theboss,jdoe,web authorized_for_system_commands=nagiosadmin,web authorized_for_configuration_information=nagiosadmin,jdoe,web authorized_for_all_services=nagiosadmin,guest,web authorized_for_all_hosts=nagiosadmin,guest,web authorized_for_all_host_commands=nagiosadmin,web authorized_for_all_service_commands=nagiosadmin,web and in the htpasswd.user there are 2 users: web LucaGmail in the httpd.conf ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin" <Directory "/usr/local/nagios/sbin"> Options ExecCGI FollowSymLinks AllowOverride None Order allow,deny Allow from all AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/nagios/etc/htpasswd.users Require valid-user </Directory> an ls -la of "rw" directory give me: drwxrws--- 2 nagios nagcmd 4096 Oct 11 16:10 . drwxrwxr-x 5 nagios nagcmd 4096 Oct 12 10:19 .. prw-rw---- 1 nagios nagcmd 0 Oct 11 17:32 nagios.cmd in the nagcmd group there are these users: -apache (webserver user) -nagios sorry for my english... if you need more info ask without problem Thank you bye Luca ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null </tt>