Multiple Users

rob at capband.net rob at capband.net
Wed Jan 14 14:38:30 CET 2004 

> Auth is indeed enabled and if I login as nagiosadmin I can see all services.
> I want this person to only see a single host that I am monitoring.  Is this
> possible?  What am I missing :)

I'm not sure if you've gotten a reply yet (my #@!% laptop is broke AGAIN and I'm stuck with webmail), but what you want to do is either look thru cgi.cfg for:

# GLOBAL HOST/SERVICE VIEW ACCESS
# These two options are comma-delimited lists of all usernames that
# can view information for all hosts and services that are being
# monitored.  By default, users can only view information
# for hosts or services that they are contacts for (unless you
# you choose to not use authorization). You may use an asterisk (*)
# to authorize any user who has authenticated to the web server.

authorized_for_all_services=*
authorized_for_all_hosts=*


Change those last two lines, preferably to some sort of "global" account that you and your boss/coworker might have, not a login that's shared with any of the restricted departments. The above gives access to look at the services/hosts, the section below gives access to the commands (like downtime or comments) associated with them, so you'll want to change it to:

# GLOBAL HOST/SERVICE COMMAND ACCESS
# These two options are comma-delimited lists of all usernames that
# can issue host or service related commands via the command
# CGI (cmd.cgi) for all hosts and services that are being monitored.
# By default, users can only issue commands for hosts or services
# that they are contacts for (unless you you choose to not use
# authorization).  You may use an asterisk (*) to authorize any
# user who has authenticated to the web server.

authorized_for_all_service_commands=*
authorized_for_all_host_commands=*



Once you change those, you'll want to modify hostgroups.cfg - I won't paste my hostlists as most groups have 50+ devices, but you can figure out the last two lines from the sample cfg file:

define hostgroup{
        hostgroup_name  shellbrook
        alias           Shellbrook Equipment
        contact_groups  radio-admins


Only members of "radio-admins" will be able to view these services. Who are they? Yet another file, contactgroups.cfg:

define contactgroup{
        contactgroup_name       radio-admins
        alias                   Radio/Site Administrators
        members                 rob, brad, boris, jeffw, awilliams, peter
        }


Who are the members, you ask? Glad you did, there's one more file :)  contacts.cfg:

define contact{
        contact_name                    rob
        alias                           Rob Nelson
        service_notification_period     24x7
        host_notification_period        24x7
        service_notification_options    u,c,r
        host_notification_options       d,u,r
        service_notification_commands   notify-null
#       service_notification_commands   notify-by-email
        host_notification_commands      notify-null
#       host_notification_commands      host-notify-by-email
        email                           rob at capband.net
        }


As an aside, notify-by-email and host-notify-by-email are normal. Since our network, due to reasons beyond my control - finance - is perpetually broken and I don't like sorting thru 1600 messages on webmail, I created a notify-null option so that I can still be a contact. Since I rely on the notification options in my host and services definitions and don't use escalations.cfg, it's the easiest way to not get mail but still be on the contact list.


So your path is to change cgi.cfg to not let just anyone see all the hosts. Then create groups in hostgroups.cfg who can view particular items - an item may be in multiple hostgroups, as well. The contact list used in hostgroups.cfg is defined contactgroups.cfg. These members are defined in contacts.cfg.

Hope that helps!


-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

More information about the Users mailing list