Restrict users to view certain hostgroups in c gi's
Carroll, Jim P [Contractor]
jcarro10 at sprintspectrum.com
Wed Dec 4 00:49:48 CET 2002
Ah, interesting. I'm using '*', as per the comments in cgi.cfg.
In my case, I actually *don't* want to partition viewing. But out of idle
curiosity, can you specify a contactgroup name there? Or do you have to use
individual names, as per htaccess.users? It would be great to be able to
add a username to as few places as possible, to keep administrative overhead
down to a dull roar.
Heh... now you've got me wondering whether I should be carving up the
viewing, too.
Very interesting.
jc
> -----Original Message-----
> From: Frater, Greg J [mailto:gjfrater at bechtel.com]
> Sent: Tuesday, December 03, 2002 2:24 PM
> To: Carroll, Jim P [Contractor]; 'JPP';
> nagios-users at lists.sourceforge.net
> Subject: RE: [Nagios-users] Restrict users to view certain
> hostgroups in
> c gi's
>
>
> Look in your cgi.cfg file at the settings for the following:
>
> authorized_for_all_hosts
> authorized_for_all_host_commands
> authorized_for_all_services
> authorized_for_all_service_commands
>
> Make sure you haven't specified users here allowing them to view all
> hosts/services etc. By default they can only see host and
> services that
> they own.
>
>
> -----Original Message-----
> From: Carroll, Jim P [Contractor] [mailto:jcarro10 at sprintspectrum.com]
> Sent: Tuesday, December 03, 2002 8:24 AM
> To: 'JPP'; nagios-users at lists.sourceforge.net
> Subject: RE: [Nagios-users] Restrict users to view certain
> hostgroups in
> c gi's
>
>
> Odd. I'm essentially doing this (basically the approach
> referenced in the
> docs) using .htpasswd and .htaccess and the requisite definition in
> httpd.conf. I'm using discrete contacts, contactgroups and
> hostgroups, and
> yet when I login, I can see everything. It's only when I try to do
> something (eg, acknowledge, comment) to a host outside of my
> group that I'm
> told I don't have permission.
>
> jc
>
> > -----Original Message-----
> > From: JPP [mailto:jpp at frws.com]
> > Sent: Monday, December 02, 2002 6:37 PM
> > To: nagios-users at lists.sourceforge.net
> > Subject: Re: [Nagios-users] Restrict users to view certain
> > hostgroups in
> > cgi's
> >
> >
> > Hi all!
> >
> > Yes you can do this! And use only 1 Nagios!
> >
> > Create 2 separate hostgroups and assign them as
> > contacts/Admins/whatever
> > for those 2 separate hostgroups.
> > And you have to give them 2 separate/distinct login names in
> > the Apache
> > htpasswd files or however you lock down the server
> directories/files.
> >
> > In a nutshell:
> >
> > 1. Create users in the Apache control/passwd file called Admin1 and
> > Admin2 (however you do this in your case)
> > 2. Create these users in contacts.cfg for each hostgroup
> you wish to
> > separate. Call them Admin1 and Admin2 also
> > 2. Create a group for each of them in contactgroups.cfg and
> > place them
> > and you as members in that group. Call them Admin1-Group and
> > Admin2-Group But do not place either of them in the others group.
> > 3. In the services.cfg file - separate the 2 groups using the
> > contact_groups option.
> > For Admin1-Server make the contact Admin1-Group
> > For Admin2-Server make the contact Admin2-Group
> >
> > I restarted Nagios - but may not have to...
> >
> > Login as Admin1 and see what you see. Shut down your browser
> > and login
> > as Admin2 and see what you can see. Should be limited to the
> > servers/services in their group!
> >
> > This works to make them only see the hosts assigned to
> their group IF:
> > 1. The user name in Nagios matches the username used by Apache to
> > authenticate them.
> > 2. The groups are separated totally from each other. They
> > cannot be on
> > any other group or list but the one you want them to view.
> >
> > We do not use literal .htpasswd files, but I am sure the
> > concept is the
> > same. We use the equivalent files right in the httpd.conf to
> > protect all
> > the Nagios directories. And only one file, actually - with
> > many names in it.
> >
> > Hope this does it for you!
> >
> > JPP
> >
> >
> > Carroll, Jim P [Contractor] wrote:
> >
> > > I think you're taking the right approach for what you're
> > trying to do. I'm
> > > not aware of any features in Nagios to enable security
> > through obscurity.
> > >
> > > jc
> > >
> > >
> > >>-----Original Message-----
> > >>From: Dushyanth Harinath [mailto:dushy at symonds.net]
> > >>Sent: Saturday, November 30, 2002 6:30 AM
> > >>To: nagios
> > >>Subject: [Nagios-users] Restrict users to view certain
> hostgroups in
> > >>cgi's
> > >>
> > >>
> > >>Hi guys,
> > >>
> > >>I want to restrict some users (http authenticated) to see only a
> > >>certain hostgroup. To make this work i have 2 separate copies
> > >>of nagios
> > >>on different locations with different cgi-url and
> html-url. And iam
> > >>running 2 instances of nagios with different set of
> > >>configuration files.
> > >>The reason why iam doing this is I have 2 set of users who
> > >>should'nt see each
> > >>others hosts information.
> > >>
> > >>Is it possible to achieve this with a single instance of
> nagios and
> > >>different set of configuration files. Or is there any other way ?
> > >>
> > >>TIA
> > >>Regards
> > >>Dushyanth
> > >>--
> > >>The Definition of an Upgrade: Take old bugs out, put new ones in.
> > >>
> > >>http://symonds.net/~dushy
> > >>
> > >>
> > >>-------------------------------------------------------
> > >>This SF.net email is sponsored by: Get the new Palm Tungsten T
> > >>handheld. Power & Color in a compact size!
> > >>http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
> > >>_______________________________________________
> > >>Nagios-users mailing list
> > >>Nagios-users at lists.sourceforge.net
> > >>https://lists.sourceforge.net/lists/listinfo/nagios-users
> > >>
> > >>
> > >
> > >
> > > -------------------------------------------------------
> > > This SF.net email is sponsored by: Get the new Palm Tungsten T
> > > handheld. Power & Color in a compact size!
> > > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
> > > _______________________________________________
> > > Nagios-users mailing list
> > > Nagios-users at lists.sourceforge.net
> > > https://lists.sourceforge.net/lists/listinfo/nagios-users
> > >
> > >
> > >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: Get the new Palm Tungsten T
> > handheld. Power & Color in a compact size!
> > http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
> > _______________________________________________
> > Nagios-users mailing list
> > Nagios-users at lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/nagios-users
> >
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: Microsoft Visual Studio.NET
> comprehensive development tool, built to increase your
> productivity. Try a free online hosted session at:
> http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
> _______________________________________________
> Nagios-users mailing list
> Nagios-users at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
>
-------------------------------------------------------
This SF.net email is sponsored by: Microsoft Visual Studio.NET
comprehensive development tool, built to increase your
productivity. Try a free online hosted session at:
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
More information about the Users
mailing list