External Commands

[nuffers at tsainc.com]

I have several different application areas that need there own views with 
Nagios. Flexibility on whether a user can view or submit commands would be 
very helpful.

Steve Nuffer

PS. I have also submitted other posts on nagios-users on this particular 
subject.




"Marco Borsani" <m.borsani at it.net> 
21-Mar-2005 10:05 AM

To
<nagios-devel at lists.sourceforge.net>
cc
<nuffers at tsainc.com>
Subject
R: [Nagios-devel] External Commands






Probably Steve is talking about my post.... here it is .

---------------------------------------------------------------------
I all
My environment is quite complex, specially regarding security policies.
I would use external commands via CGI interface, but I can not permit to 
ALL
nagios users.
My httpd have been started from www (unix user); putting this user in the
nagios group I permit to write the nagios.cmd file to everyone !
I need to limit this "write access" only to one unix/apache user only.
Is it possible? How?
I try to modify httpd.conf file, but .... I do not know how !
Thanks
Marco
---------------------------------------------------------------------

I need that only one user can schedule downtime, add comments, disable
checks...and so on. Right now the users can do it on theirs 
hosts/services.
This could be very dangerous because permit to "ingenuous" users to make
modifications which can stop the monitoring/notification.

Marco

-----Messaggio originale-----
Da: nagios-devel-admin at lists.sourceforge.net
[mailto:nagios-devel-admin at lists.sourceforge.net]Per conto di
nuffers at tsainc.com
Inviato: lunedi 21 marzo 2005 16.56
A: nagios-devel at lists.sourceforge.net
Oggetto: [Nagios-devel] External Commands



There has been discussion on the nagios-users board about external 
execution
of commands.  If you a need to provide a user with a read only (no ability
to submit commands) view of Nagios, there currently isn't way that I have
found.

Example of this are:

If you have a helpdesk and you only want them to be able to view
services/hosts current status and not give external commands.
An application administrator has their own services.  There are other
services such as disk space which are useful to them. They should only 
have
view and not be able to issue commands.

If you define a contact-group for a service, they can view and issue a
command.
If you define a contact-group for a host, they can view and issue commands
to the host and all services
If you use escalation, the contact group can view and issue commands to 
that
object similar to above.

What if the escalation portion was changed.  If you are only identified as 
a
contact through escalation, you will only have a view and not the ability 
to
give commands?  Not sure how much effort is involved but what do you 
think?
Are there plans to support this in another method  OR have I missed
something.

Help appreciated.

Steve Nuffer



Transaction Systems Architects, Inc.        330 S. 108th Ave.    Omaha, NE
68154-2684
 (402) 390-7938    Fax (402) 778-1413    nuffers at tsainc.com
This e-mail message and any attachments may contain confidential,
proprietary or non-public information.  This information is intended 
solely
for the designated recipient(s).  If an addressing or transmission error 
has
misdirected this e-mail, please notify the sender immediately and destroy
this e-mail.  Any review, dissemination, use or reliance upon this
information by unintended recipients is prohibited.  Any opinions 
expressed
in this e-mail are those of the author personally.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/developers/attachments/20050321/44e899ab/attachment.html>