another question
Joe Pruett
joey at clean.q7.com
Tue Jan 4 16:00:59 CET 2005
> My remembrance of the setup documentation is that you add your web
> server user to the nagioscmd group, not run the web server with the gid
> of nagioscmd. They're very different and firmly based on standard unix
> permission methodology. Actually quoting from the doccos --
>
> "Next we're going to create a new group whose members include the user
> the web server is running as and the user Nagios is running as. Let's
> say we call this new group 'nagiocmd' (you can name it differently if
> you wish). On RedHat Linux you can use the following command to add a
> new group (other systems may differ):
>
> /usr/sbin/groupadd nagiocmd
>
> Next, add the web server user (nobody or apache, etc) and the Nagios
> user (nagios) to the newly created group with the following commands:
>
> /usr/sbin/usermod -G nagiocmd nagios
> /usr/sbin/usermod -G nagiocmd nobody"
>
> -- http://nagios.sourceforge.net/docs/2_0/commandfile.html --
>
> There is nothing that says run the web server as gid nagioscmd.
if the web server isn't running with that gid in its effective list, it
does no good. that is why you have to restart the server to pick up that
new gid.
i now see the comment at the top of the faq indicating that using cgiwrap
is recommended for multi user machines. i'm still curious about nagios
having its own auth mechanism to help with this problem (and others as
well since .htaccess auth isn't the best method).
-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
More information about the Developers
mailing list