Everyone can issue commands on Service and Host - posible bug in nagios
Morris, Patrick
patrick.morris at hp.com
Thu Apr 13 17:49:35 CEST 2006
Sorry -- my mistake. Coffee first, then reply to emails. You're right;
those options should not allow commands to be executed, according to the
docs.
-----Original Message-----
From: Jan Tomasek [mailto:jan at tomasek.cz]
Sent: Thursday, April 13, 2006 7:23 AM
To: Morris, Patrick
Cc: nagios-users at lists.sourceforge.net
Subject: Re: [Nagios-users] Everyone can issue commands on Service and
Host - posible bug in nagios
Morris, Patrick wrote:
> You've authorized everyone for everything:
>
> authorized_for_all_services=*
> authorized_for_all_hosts=*
I hope not. In comment for those options is writen:
# GLOBAL HOST/SERVICE VIEW ACCESS
# These two options are comma-delimited lists of all usernames that
# can view information for all hosts and services that are being
# monitored. By default, users can only view information
# for hosts or services that they are contacts for (unless you
# you choose to not use authorization). You may use an asterisk (*)
# to authorize any user who has authenticated to the web server.
That paragraph is speaking only about viewing information not sending
commands. Or am I wrong?
--
-----------------------
Jan Tomasek aka Semik
http://www.tomasek.cz/
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list