Everyone can issue commands on Service and Host - posible bug in nagios

Morris, Patrick patrick.morris at hp.com
Thu Apr 13 17:49:35 CEST 2006


Sorry -- my mistake.  Coffee first, then reply to emails.  You're right;
those options should not allow commands to be executed, according to the
docs.

-----Original Message-----
From: Jan Tomasek [mailto:jan at tomasek.cz] 
Sent: Thursday, April 13, 2006 7:23 AM
To: Morris, Patrick
Cc: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Everyone can issue commands on Service and
Host - posible bug in nagios

Morris, Patrick wrote:
> You've authorized everyone for everything:
> 
> authorized_for_all_services=*
> authorized_for_all_hosts=*

I hope not. In comment for those options is writen:

# GLOBAL HOST/SERVICE VIEW ACCESS
# These two options are comma-delimited lists of all usernames that
# can view information for all hosts and services that are being
# monitored.  By default, users can only view information
# for hosts or services that they are contacts for (unless you
# you choose to not use authorization). You may use an asterisk (*)
# to authorize any user who has authenticated to the web server.

That paragraph is speaking only about viewing information not sending
commands. Or am I wrong?

-- 
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list