Restrict users to view certain hostgroups in cgi's

JPP jpp at frws.com
Tue Dec 3 01:36:32 CET 2002


Hi all!

Yes you can do this! And use only 1 Nagios!

Create 2 separate hostgroups and assign them as contacts/Admins/whatever 
for those 2 separate hostgroups.
And you have to give them 2 separate/distinct login names in the Apache 
htpasswd files or however you lock down the server directories/files.

In a nutshell:

1. Create users in the Apache control/passwd file called Admin1 and 
Admin2 (however you do this in your case)
2. Create these users in contacts.cfg for each hostgroup you wish to 
separate. Call them Admin1 and Admin2 also
2. Create a group for each of them in contactgroups.cfg and place them 
and you as members in that group. Call them Admin1-Group and 
Admin2-Group But do not place either of them in the others group.
3. In the services.cfg file - separate the 2 groups using the 
contact_groups option.
For Admin1-Server make the contact Admin1-Group
For Admin2-Server make the contact Admin2-Group

I restarted Nagios - but may not have to...

Login as Admin1 and see what you see. Shut down your browser and login 
as Admin2 and see what you can see. Should be limited to the 
servers/services in their group!

This works to make them only see the hosts assigned to their group IF:
1. The user name in Nagios matches the username used by Apache to 
authenticate them.
2. The groups are separated totally from each other. They cannot be on 
any other group or list but the one you want them to view.

We do not use literal .htpasswd files, but I am sure the concept is the 
same. We use the equivalent files right in the httpd.conf to protect all 
the Nagios directories. And only one file, actually - with many names in it.

Hope this does it for you!

JPP


Carroll, Jim P [Contractor] wrote:

> I think you're taking the right approach for what you're trying to do.  I'm
> not aware of any features in Nagios to enable security through obscurity.
> 
> jc
> 
> 
>>-----Original Message-----
>>From: Dushyanth Harinath [mailto:dushy at symonds.net]
>>Sent: Saturday, November 30, 2002 6:30 AM
>>To: nagios
>>Subject: [Nagios-users] Restrict users to view certain hostgroups in
>>cgi's
>>
>>
>>Hi guys,
>>
>>I want to restrict some users (http authenticated) to see only a
>>certain hostgroup. To make this work i have 2 separate copies 
>>of nagios
>>on different locations with different cgi-url and html-url. And iam
>>running 2 instances of nagios with different set of 
>>configuration files.
>>The reason why iam doing this is I have 2 set of users who 
>>should'nt see each
>>others hosts information.
>>
>>Is it possible to achieve this with a single instance of nagios and
>>different set of configuration files. Or is there any other way ?
>>
>>TIA
>>Regards
>>Dushyanth
>>-- 
>>The Definition of an Upgrade: Take old bugs out, put new ones in.
>>
>>http://symonds.net/~dushy
>>
>>
>>-------------------------------------------------------
>>This SF.net email is sponsored by: Get the new Palm Tungsten T 
>>handheld. Power & Color in a compact size! 
>>http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
>>_______________________________________________
>>Nagios-users mailing list
>>Nagios-users at lists.sourceforge.net
>>https://lists.sourceforge.net/lists/listinfo/nagios-users
>>
>>
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: Get the new Palm Tungsten T 
> handheld. Power & Color in a compact size! 
> http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> 
> 
> 




-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en




More information about the Users mailing list