Advanced permissions/user properties
Joerg Linge
pitchfork at ederdrom.de
Sat Nov 11 11:03:57 CET 2006
On Saturday, 11 November 2006 03:54, Alex Burger wrote:
> On the Nagios-Users list there is a discussion on the same subject about
> adding advanced permissions to Nagios for hosts and services. Users
> (including myself) were looking for a way to grant users the ability to
> view hosts, but not submit commands and to allow for more complex
> permissions.
>
> It made the most sense to model the permission system with how file
> system permissions are handled. With file system permissions, we would
> assign a group to a folder, and then pick what rights the group would
> have. It made sense to do the same thing with Nagios in the
> contact_groups/contact option for hosts and services:
[...]
> If permissions are not set on the contact_groups or contact line, then
> the defaults will be used. If there is no default_permissions option in
> cgi.cfg and nagios.cfg, then it will default to full permissions (the
> same checks that Nagios currently performs).
>
> Here is a description of the option for cgi.cfg and nagios.cfg:
>
> # DEFAULT HOST/SERVICE PERMISSIONS
> # This option contains a list of default permissions for hosts and
> # services that will be used when permissions are not explicitly
> # set on a host or service. When not defined, the default is all
> # permissions (rwxn). Note: This option must be set the same in
> # both cgi.cfg and nagios.cfg.
>
> #default_permissions=rwxn
I think the default perms should be added to a contact or contactgroup.
So I can give the contact "netop" the perms "r n" globally.
define contact{
        contact_name            netop
        permissions             r,n
        ....
        }
or
define contactgroup{
        contactgroup_name       netpos
        member                  netop
        permissions             r,n
        ....
        }
> As you can see, the option needs to be in both config files although I
> would prefer to have it only in nagios.cfg. It is needed in nagios.cfg
> for base/notifications.c which has nothing to do with the cgi. If
> someone knows how to combine the two, please let me know.
>
> I also changed how services are displayed. If you are not a contact for
> a service (you do not have the 'r' permission), then the service will
> not be displayed. I prefer to have it this way so I can prevent some
> admins from seeing services such as the service I use to receive SNMP
> traps. The problem with this right now is that even though the user
> only sees the services they have permissions for, as long as the user has
> rx permissions to the host, the user can do a 'Enable notifications for
> all services on this host' which will do ALL services.
>
> If this patch is accepted, then we will have to add permission checks to
> the commands that process child objects.
>
> Attached are patches for Nagios 2.5 and 3.0 (CVS as of 11/6/06).
I will test the patch with the latest 3.0 CVS next week.
Thanks Alex! Great work.
And thanks for snmptt :-)
Jörg
_______________________________________________
Nagios-devel mailing list
Nagios-devel at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-devel
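An added example, not part of the thread and not code from Alex's patch or from Nagios: it sketches the fallback order described above (explicit permissions, then default_permissions, then rwxn) and the per-service check that a host-wide command such as 'Enable notifications for all services on this host' would need. Assumptions: 'r' means view and 'x' means submit commands, as the thread uses them; all function and struct names are hypothetical; rejecting unknown letters is a choice made here.

```c
#include <stdio.h>
#include <string.h>

enum { P_R = 1, P_W = 2, P_X = 4, P_N = 8, P_ALL = 15, P_UNSET = -1 };

/* Parse letters such as "rwxn" or "r,n". NULL = not set; unknown letter = no rights. */
int parse_perms(const char *s) {
    static const char letters[] = "rwxn";
    int m = 0;
    if (!s) return P_UNSET;
    for (; *s; s++) {
        const char *p = strchr(letters, *s);
        if (*s == ',' || *s == ' ') continue;
        if (!p) return 0;               /* fail closed on a typo (assumption) */
        m |= 1 << (int)(p - letters);
    }
    return m;
}

/* Explicit value on the object, else default_permissions, else rwxn. */
int effective(const char *explicit_p, const char *default_p) {
    int m = parse_perms(explicit_p);
    if (m == P_UNSET) m = parse_perms(default_p);
    return m == P_UNSET ? P_ALL : m;
}

/* Constructed sample type: perms is this user's entry; "" = not a contact. */
struct svc { const char *name; const char *perms; };

/* Host-wide command: needs r+x on the host, then r+x on each child service.
   Marks applied[i] and returns how many services were changed. */
int enable_all_svc_notifications(const char *host_p, const char *def,
                                 const struct svc *s, int n, int *applied) {
    int need = P_R | P_X, count = 0;
    for (int i = 0; i < n; i++) applied[i] = 0;
    if ((effective(host_p, def) & need) != need) return 0;
    for (int i = 0; i < n; i++)
        if ((effective(s[i].perms, def) & need) == need) { applied[i] = 1; count++; }
    return count;
}

int main(void) {
    /* Constructed sample data: user has "rx" on the host, default_permissions=rn. */
    struct svc s[] = { {"PING", NULL}, {"HTTP", "r,x"}, {"SNMP-TRAPS", ""} };
    int applied[3];
    int n = enable_all_svc_notifications("rx", "rn", s, 3, applied);
    for (int i = 0; i < 3; i++)
        printf("%-10s %s\n", s[i].name, applied[i] ? "changed" : "skipped");
    printf("%d of 3 services changed\n", n);
    return 0;
}
```

With default_permissions=rn only HTTP is changed; with no default set, PING falls back to rwxn and is changed as well, while the service the user is not a contact for is always skipped.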