Users able to see services their not authenticated for

[Marc Powell]

On Mar 27, 2009, at 2:46 AM, Tore Lønøy wrote:

>
> I tried to create a "no-contactgroup" which has no members:
> define contactgroup {
>         contactgroup_name       no-contactgroup
>         alias   Group with none-existing user
> }
>
>
> And the service:
> define service {
>         host_name       XXX
>         service_description     XXX
>         check_period    24x7
>         check_command   check_nrpe!XXX
>         contact_groups  no-contactgroup
>         notification_period     18x7
>         initial_state   o
> []...
> }
>
> And the host:
> define host {
>         host_name       XXX
>         alias   XXX
>         address XXX
>         parents XXX2
>         check_command   check-host-alive
>         contact_groups  support
> [...]
> }
>
> Neither the host or the service have a contacts variable defined.

This does help clarify. If that service is applied to that host, then  
'support' will indeed see that service but no one else will. Contacts  
for hosts will automatically see all services on that host  
(effectively they're at a higher level). See http://nagios.sourceforge.net/docs/3_0/cgiauth.html 
. That particular authorization can't be restricted AFAIK.

--
Marc


------------------------------------------------------------------------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null