How to limit access to external command

Luca Olivotto lolivotto at gmail.com
Fri Oct 12 10:36:08 CEST 2007

Previous message: Front end for Nagios
Next message: How to limit access to external command
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi all,
i have enabled the external command and all work fine. now i wanto to
limit the execution of external commands trought web interface to only
few users but i don't know how can i do.

I have 2 "users":
 - web: this is the admin, it work great no problem with this user(is
only an apache user)
 - LucaGmail : this is the user that access the nagios web interface
and i want to limit, it can view only the service and host associated
to it (this is good) and can execute external commands (this is not
good); (LucaGmail is a "contact" for nagios and an apache user).

How can i limit the execution of external command?

below you can see some configuration of my installation:

in cgi.cfg

I set "use_authentication" to 1

default_user_name=nagiosadmin
authorized_for_system_information=nagiosadmin,theboss,jdoe,web
authorized_for_system_commands=nagiosadmin,web
authorized_for_configuration_information=nagiosadmin,jdoe,web
authorized_for_all_services=nagiosadmin,guest,web
authorized_for_all_hosts=nagiosadmin,guest,web
authorized_for_all_host_commands=nagiosadmin,web
authorized_for_all_service_commands=nagiosadmin,web

and in the htpasswd.user there are 2 users:
web
LucaGmail

in the httpd.conf

ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
        Options ExecCGI FollowSymLinks
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthName "Nagios Access"
        AuthType Basic
        AuthUserFile /usr/local/nagios/etc/htpasswd.users
        Require valid-user
</Directory>

an ls -la of "rw" directory give me:

drwxrws--- 2 nagios nagcmd 4096 Oct 11 16:10 .
drwxrwxr-x 5 nagios nagcmd 4096 Oct 12 10:19 ..
prw-rw---- 1 nagios nagcmd    0 Oct 11 17:32 nagios.cmd

in the nagcmd group there are these users:
-apache (webserver user)
-nagios


sorry for my english... if you need more info ask without problem

Thank you
bye
Luca

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems?  Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Front end for Nagios
Next message: How to limit access to external command
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list