another question

Andreas Ericsson ae at op5.se
Tue Jan 4 16:32:15 CET 2005

Previous message: another question
Next message: another question
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Joe Pruett wrote:
>>My remembrance of the setup documentation is that you add your web
>>server user to the nagioscmd group, not run the web server with the gid
>>of nagioscmd. They're very different and firmly based on standard unix
>>permission methodology. Actually quoting from the doccos --
>>
>>"Next we're going to create a new group whose members include the user
>>the web server is running as and the user Nagios is running as. Let's
>>say we call this new group 'nagiocmd' (you can name it differently if
>>you wish). On RedHat Linux you can use the following command to add a
>>new group (other systems may differ): 
>>
>>/usr/sbin/groupadd nagiocmd 
>>
>>Next, add the web server user (nobody or apache, etc) and the Nagios
>>user (nagios) to the newly created group with the following commands: 
>>
>>/usr/sbin/usermod -G nagiocmd nagios
>>/usr/sbin/usermod -G nagiocmd nobody"
>>
>> -- http://nagios.sourceforge.net/docs/2_0/commandfile.html --
>>
>>There is nothing that says run the web server as gid nagioscmd.
> 
> 
> if the web server isn't running with that gid in its effective list, it 
> does no good.  that is why you have to restart the server to pick up that 
> new gid.
> 
> i now see the comment at the top of the faq indicating that using cgiwrap 
> is recommended for multi user machines.  i'm still curious about nagios 
> having its own auth mechanism to help with this problem (and others as 
> well since .htaccess auth isn't the best method).
> 

With single-site and SSL it's never been disputed as insecure. However, 
I'm working on a PHP API (and a rough gui) which will indeed include 
authentication mechanisms.

> 
> 
> -------------------------------------------------------
> The SF.Net email is sponsored by: Beat the post-holiday blues
> Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
> It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt
> _______________________________________________
> Nagios-devel mailing list
> Nagios-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-devel
> 

-- 
Andreas Ericsson                   andreas.ericsson at op5.se
OP5 AB                             www.op5.se
Lead Developer


-------------------------------------------------------
The SF.Net email is sponsored by: Beat the post-holiday blues
Get a FREE limited edition SourceForge.net t-shirt from ThinkGeek.
It's fun and FREE -- well, almost....http://www.thinkgeek.com/sfshirt

Previous message: another question
Next message: another question
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Developers mailing list