Public and Admin Permissions

Jeff Falgout JFalgout at co.jefferson.co.us
Mon Aug 12 17:10:17 CEST 2002


Yes, That's exactly what I am trying to accomplish.

I was trying to move the cmd.cgi file to a different directory, and I
was having problems.

I didn't consider auth on a single file.

Thanks for the Help

Jeff

>>> "Rusch, Daniel" <Daniel.Rusch at GlobalCrossing.com> 08/12/02 08:44AM
>>>
Yes, We have our site set up that way. Guests can view most things but
only
admins can change stuff.


I'm running apache so in httpd.conf:


ScriptAlias /nagios/cgi-bin/ /usr/local/nagios/sbin/
<Directory "/usr/local/nagios/sbin/">
    <Files cmd.cgi>
        AuthName "Nagios Access"
        AuthType Basic
        AuthUserFile /usr/local/nagios/etc/.htpasswd.users
        require valid-user
    </Files>
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

Alias /nagios/ /usr/local/nagios/share/
<Directory "/usr/local/nagios/share">
    Options None
    AllowOverride AuthConfig
    Order allow,deny
    Allow from all
</Directory>

I did this here instead of in an .htaccess file for two reasons:
1. The httpd.conf is loaded once, where as the .htaccess file is read
every
time access to the directory is requested.
2. It puts all the config stuff in one place

Next, to be able to actually view services etc on the Nagios site as a
guest, we need to add "guest" to the following (be careful where you
add
guest so that they can't make changes) in the cgi.cfg file in
/usr/local/nagios/etc :

default_user_name=guest

authorized_for_system_information=nagiosadmin,guest

authorized_for_configuration_information=nagiosadmin,guest

authorized_for_all_services=nagiosadmin,guest
authorized_for_all_hosts=nagiosadmin,guest

HTH

Dan

-----Original Message-----
From: Jeff Falgout [mailto:JFalgout at co.jefferson.co.us] 
Sent: Friday, August 09, 2002 9:49 AM
To: nagios-users at lists.sourceforge.net 
Subject: [Nagios-users] Public and Admin Permissions


I am trying to setup Nagios to allow all users on the network to view
the status of
hosts and services while restricting cgi's such as cmd.cgi to admins.
In other words, 
prompt for a password when the user tries to execute restricted cgi's.
I want to 
avoid having to force guest users to enter guest with a blank password
through basic
auth. 

Has anyone else done this, or is this even possible?

Any ideas? 




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf




More information about the Users mailing list