<br><font size=2 face="sans-serif">I have several different application
areas that need there own views with Nagios. Flexibility on whether a user
can view or submit commands would be very helpful.</font>
<br>
<br><font size=3 face="Times New Roman">Steve Nuffer</font>
<br>
<br><font size=2 face="sans-serif">PS. I have also submitted other posts
on nagios-users on this particular subject.</font>
<div align=center>
<br></div>
<br>
<br>
<br>
<table width=100%>
<tr valign=top>
<td width=40%><font size=1 face="sans-serif"><b>"Marco Borsani"
<m.borsani@it.net></b> </font>
<p><font size=1 face="sans-serif">21-Mar-2005 10:05 AM</font>
<td width=59%>
<table width=100%>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">To</font></div>
<td><font size=1 face="sans-serif"><nagios-devel@lists.sourceforge.net></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">cc</font></div>
<td><font size=1 face="sans-serif"><nuffers@tsainc.com></font>
<tr valign=top>
<td>
<div align=right><font size=1 face="sans-serif">Subject</font></div>
<td><font size=1 face="sans-serif">R: [Nagios-devel] External Commands</font></table>
<br>
<table>
<tr valign=top>
<td>
<td></table>
<br></table>
<br>
<br>
<br><font size=2><tt>Probably Steve is talking about my post.... here it
is .<br>
<br>
---------------------------------------------------------------------<br>
I all<br>
My environment is quite complex, specially regarding security policies.<br>
I would use external commands via CGI interface, but I can not permit to
ALL<br>
nagios users.<br>
My httpd have been started from www (unix user); putting this user in the<br>
nagios group I permit to write the nagios.cmd file to everyone !<br>
I need to limit this "write access" only to one unix/apache user
only.<br>
Is it possible? How?<br>
I try to modify httpd.conf file, but .... I do not know how !<br>
Thanks<br>
Marco<br>
---------------------------------------------------------------------<br>
<br>
I need that only one user can schedule downtime, add comments, disable<br>
checks...and so on. Right now the users can do it on theirs hosts/services.<br>
This could be very dangerous because permit to "ingenuous" users
to make<br>
modifications which can stop the monitoring/notification.<br>
<br>
Marco<br>
<br>
-----Messaggio originale-----<br>
Da: nagios-devel-admin@lists.sourceforge.net<br>
[mailto:nagios-devel-admin@lists.sourceforge.net]Per conto di<br>
nuffers@tsainc.com<br>
Inviato: lunedi 21 marzo 2005 16.56<br>
A: nagios-devel@lists.sourceforge.net<br>
Oggetto: [Nagios-devel] External Commands<br>
<br>
<br>
<br>
There has been discussion on the nagios-users board about external execution<br>
of commands. If you a need to provide a user with a read only (no
ability<br>
to submit commands) view of Nagios, there currently isn't way that I have<br>
found.<br>
<br>
Example of this are:<br>
<br>
If you have a helpdesk and you only want them to be able to view<br>
services/hosts current status and not give external commands.<br>
An application administrator has their own services. There are other<br>
services such as disk space which are useful to them. They should only
have<br>
view and not be able to issue commands.<br>
<br>
If you define a contact-group for a service, they can view and issue a<br>
command.<br>
If you define a contact-group for a host, they can view and issue commands<br>
to the host and all services<br>
If you use escalation, the contact group can view and issue commands to
that<br>
object similar to above.<br>
<br>
What if the escalation portion was changed. If you are only identified
as a<br>
contact through escalation, you will only have a view and not the ability
to<br>
give commands? Not sure how much effort is involved but what do you
think?<br>
Are there plans to support this in another method OR have I missed<br>
something.<br>
<br>
Help appreciated.<br>
<br>
Steve Nuffer<br>
<br>
<br>
<br>
Transaction Systems Architects, Inc. 330 S.
108th Ave. Omaha, NE<br>
68154-2684<br>
(402) 390-7938 Fax (402) 778-1413 nuffers@tsainc.com<br>
This e-mail message and any attachments may contain confidential,<br>
proprietary or non-public information. This information is intended
solely<br>
for the designated recipient(s). If an addressing or transmission
error has<br>
misdirected this e-mail, please notify the sender immediately and destroy<br>
this e-mail. Any review, dissemination, use or reliance upon this<br>
information by unintended recipients is prohibited. Any opinions
expressed<br>
in this e-mail are those of the author personally.<br>
<br>
</tt></font>
<br>