Restrict users to view certain hostgroups in c gi's
Frater, Greg J
gjfrater at bechtel.com
Tue Dec 3 21:23:47 CET 2002
Look in your cgi.cfg file at the settings for the following:
authorized_for_all_hosts
authorized_for_all_host_commands
authorized_for_all_services
authorized_for_all_service_commands
Make sure you haven't specified users here allowing them to view all
hosts/services etc. By default they can only see host and services that
they own.
-----Original Message-----
From: Carroll, Jim P [Contractor] [mailto:jcarro10 at sprintspectrum.com]
Sent: Tuesday, December 03, 2002 8:24 AM
To: 'JPP'; nagios-users at lists.sourceforge.net
Subject: RE: [Nagios-users] Restrict users to view certain hostgroups in
c gi's
Odd. I'm essentially doing this (basically the approach referenced in the
docs) using .htpasswd and .htaccess and the requisite definition in
httpd.conf. I'm using discrete contacts, contactgroups and hostgroups, and
yet when I login, I can see everything. It's only when I try to do
something (eg, acknowledge, comment) to a host outside of my group that I'm
told I don't have permission.
jc
> -----Original Message-----
> From: JPP [mailto:jpp at frws.com]
> Sent: Monday, December 02, 2002 6:37 PM
> To: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Restrict users to view certain
> hostgroups in
> cgi's
>
>
> Hi all!
>
> Yes you can do this! And use only 1 Nagios!
>
> Create 2 separate hostgroups and assign them as
> contacts/Admins/whatever
> for those 2 separate hostgroups.
> And you have to give them 2 separate/distinct login names in
> the Apache
> htpasswd files or however you lock down the server directories/files.
>
> In a nutshell:
>
> 1. Create users in the Apache control/passwd file called Admin1 and
> Admin2 (however you do this in your case)
> 2. Create these users in contacts.cfg for each hostgroup you wish to
> separate. Call them Admin1 and Admin2 also
> 2. Create a group for each of them in contactgroups.cfg and
> place them
> and you as members in that group. Call them Admin1-Group and
> Admin2-Group But do not place either of them in the others group.
> 3. In the services.cfg file - separate the 2 groups using the
> contact_groups option.
> For Admin1-Server make the contact Admin1-Group
> For Admin2-Server make the contact Admin2-Group
>
> I restarted Nagios - but may not have to...
>
> Login as Admin1 and see what you see. Shut down your browser
> and login
> as Admin2 and see what you can see. Should be limited to the
> servers/services in their group!
>
> This works to make them only see the hosts assigned to their group IF:
> 1. The user name in Nagios matches the username used by Apache to
> authenticate them.
> 2. The groups are separated totally from each other. They
> cannot be on
> any other group or list but the one you want them to view.
>
> We do not use literal .htpasswd files, but I am sure the
> concept is the
> same. We use the equivalent files right in the httpd.conf to
> protect all
> the Nagios directories. And only one file, actually - with
> many names in it.
>
> Hope this does it for you!
>
> JPP
>
>
> Carroll, Jim P [Contractor] wrote:
>
> > I think you're taking the right approach for what you're
> trying to do. I'm
> > not aware of any features in Nagios to enable security
> through obscurity.
> >
> > jc
> >
> >
> >>-----Original Message-----
> >>From: Dushyanth Harinath [mailto:dushy at symonds.net]
> >>Sent: Saturday, November 30, 2002 6:30 AM
> >>To: nagios
> >>Subject: [Nagios-users] Restrict users to view certain hostgroups in
> >>cgi's
> >>
> >>
> >>Hi guys,
> >>
> >>I want to restrict some users (http authenticated) to see only a
> >>certain hostgroup. To make this work i have 2 separate copies
> >>of nagios
> >>on different locations with different cgi-url and html-url. And iam
> >>running 2 instances of nagios with different set of
> >>configuration files.
> >>The reason why iam doing this is I have 2 set of users who
> >>should'nt see each
> >>others hosts information.
> >>
> >>Is it possible to achieve this with a single instance of nagios and
> >>different set of configuration files. Or is there any other way ?
> >>
> >>TIA
> >>Regards
> >>Dushyanth
> >>--
> >>The Definition of an Upgrade: Take old bugs out, put new ones in.
> >>
> >>http://symonds.net/~dushy
> >>
> >>
> >>-------------------------------------------------------
> >>This SF.net email is sponsored by: Get the new Palm Tungsten T
> >>handheld. Power & Color in a compact size!
> >>http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
> >>_______________________________________________
> >>Nagios-users mailing list
> >>Nagios-users at lists.sourceforge.net
> >>https://lists.sourceforge.net/lists/listinfo/nagios-users
> >>
> >>
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Get the new Palm Tungsten T
> > handheld. Power & Color in a compact size!
> > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> >
> >
> >
>
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Get the new Palm Tungsten T
> handheld. Power & Color in a compact size!
> http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
>
-------------------------------------------------------
This SF.net email is sponsored by: Microsoft Visual Studio.NET
comprehensive development tool, built to increase your
productivity. Try a free online hosted session at:
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
-------------------------------------------------------
This SF.net email is sponsored by: Microsoft Visual Studio.NET
comprehensive development tool, built to increase your
productivity. Try a free online hosted session at:
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
More information about the Users
mailing list