Apache suExec and /usr/local/nagios/etc permissions

Syed Ali syed at nec-labs.com
Thu Feb 20 20:56:05 CET 2003


Hi,

I tried $USER2$ in services.cfg as follows:

check_snmp!.1.3.6.1.2.1.25.3.3.1.2.1!$USER2$!0:90!0:95

But that does not work, i.e., I get a SNMP problem - No data received
from host error.
Perhaps it has to do with special characters in the SNMP or string....

Thank you...


-----Original Message-----
From: Subhendu Ghosh [mailto:sghosh at sghosh.org] 
Sent: Thursday, February 20, 2003 1:56 PM
To: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Apache suExec and /usr/local/nagios/etc
permissions


Make sure apache and nagios have a common group membership and use group

permissions.

About SNMP community - if you have comon community strings across
devices, 
create a $USERx$ macro in resource.cfg for the community.  The CGIs do
not 
read resource.cfg.

-sg

On Thu, 20 Feb 2003, Syed Ali wrote:

> Hello,
> 
> I am running Apache 1.3.20 on RedHat 7.2.
> Apache runs under user 'apache'.
> Nagios is running under user 'nagios'.
> 
> However, unless I do not give world readable permissions to
> /usr/local/nagios/etc I cannot access the web interface for Nagios.
> If I give world readable permission to /usr/local/nagios/etc, then
users
> on the system can view the SNMP RO community in the services.cfg or
> checkcommands.cfg file.
> So, how do I go about not allowing my users to be able to read the
> /usr/local/nagios/etc directory?
> 
> I had disabled suExec on the httpd server for Cricket to run, but I am
> willing to give up cricket and enable suEexec.
> Reading the Apache suExec documentation, it looks like suExec works
with
> v2.0 of Apache and the virtual host directive, neither of which I am
> using.
> Also, it seems that suExec will work if you append the ~ but when I
set
> an alias as /~nagios /usr/local/nagios/share I get permission denied
> reading ~nagios/etc/htpasswd file.
> (Which means suExec is not working?)
> 
> 
> Paste from httpd.conf:
> 
>   ScriptAlias /nagios/cgi-bin /usr/local/nagios/sbin/
>     <Directory "/usr/local/nagios/sbin/">
>         AllowOverride AuthConfig
>         Options ExecCGI
>         Order allow,deny
>         Allow from all
>     </Directory>
>     Alias /nagios/ /usr/local/nagios/share/
>     <Directory "/usr/local/nagios/share/">
>         AllowOverride AuthConfig
>         Options None
>         Order allow,deny
>         Allow from all
>     </Directory>
> 
> I also tried:
> 
>   Alias /~nagios/ /usr/local/nagios/share/
>     <Directory "/usr/local/nagios/share/">
>         AllowOverride AuthConfig
>         Options None
>         Order allow,deny
>         Allow from all
>     </Directory>
> 
> Thank you...
> 
> 
> 

-- 




-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null


-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list