RE How to limit access to external command
Cyrille Bollu
Cyrille.Bollu at fedasil.be
Fri Oct 12 11:00:09 CEST 2007
Hello,
AFAIK, when a user is contact for a host or service she can issue any
command she wants for that host/service.
I would be glad to hear someone contradicting me :-)
Cyrille
"Luca Olivotto" <lolivotto at gmail.com>
Envoyé par : nagios-users-bounces at lists.sourceforge.net
12/10/2007 10:36
A
nagios-users at lists.sourceforge.net
cc
Objet
[Nagios-users] How to limit access to external command
Hi all,
i have enabled the external command and all work fine. now i wanto to
limit the execution of external commands trought web interface to only
few users but i don't know how can i do.
I have 2 "users":
- web: this is the admin, it work great no problem with this user(is
only an apache user)
- LucaGmail : this is the user that access the nagios web interface
and i want to limit, it can view only the service and host associated
to it (this is good) and can execute external commands (this is not
good); (LucaGmail is a "contact" for nagios and an apache user).
How can i limit the execution of external command?
below you can see some configuration of my installation:
in cgi.cfg
I set "use_authentication" to 1
default_user_name=nagiosadmin
authorized_for_system_information=nagiosadmin,theboss,jdoe,web
authorized_for_system_commands=nagiosadmin,web
authorized_for_configuration_information=nagiosadmin,jdoe,web
authorized_for_all_services=nagiosadmin,guest,web
authorized_for_all_hosts=nagiosadmin,guest,web
authorized_for_all_host_commands=nagiosadmin,web
authorized_for_all_service_commands=nagiosadmin,web
and in the htpasswd.user there are 2 users:
web
LucaGmail
in the httpd.conf
ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
Options ExecCGI FollowSymLinks
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
an ls -la of "rw" directory give me:
drwxrws--- 2 nagios nagcmd 4096 Oct 11 16:10 .
drwxrwxr-x 5 nagios nagcmd 4096 Oct 12 10:19 ..
prw-rw---- 1 nagios nagcmd 0 Oct 11 17:32 nagios.cmd
in the nagcmd group there are these users:
-apache (webserver user)
-nagios
sorry for my english... if you need more info ask without problem
Thank you
bye
Luca
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when
reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.monitoring-lists.org/archive/users/attachments/20071012/956b52e7/attachment.html>
-------------- next part --------------
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
-------------- next part --------------
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list