Disabling Host Commands CGI for a user
Marc Powell
marc at ena.com
Wed Sep 19 00:08:45 CEST 2007
> -----Original Message-----
> From: nagios-users-bounces at lists.sourceforge.net [mailto:nagios-users-
> bounces at lists.sourceforge.net] On Behalf Of Mick
> Sent: Tuesday, September 18, 2007 2:16 PM
> To: nagios-users at lists.sourceforge.net
> Subject: Re: [Nagios-users] Disabling Host Commands CGI for a user
>
> On Tuesday 18 September 2007, you wrote:
>
> Meanwhile, following Marc's .htaccess suggestion: Is apache going to
ask
> for
> a passwd every time a user clicks on the Hosts Commands CGI, or only
if
> this
> user is not in the relevant group file?
I presumed that you already had basic authentication set up. If you do,
it shouldn't ask for one at all. The user should already be
authenticated to view host/service status information. Apache just
checks to see if the authenticated user is a member of the admin group
and denies the request if not.
If you don't require authentication currently, I believe that if you set
htpasswd.users with admin accounts then move the 'require valid-user'
directive to within the FilesMatch and remove 'require group admins' and
AuthGroupFile, apache will only ask for the authentication information
if they access a listed cgi. htpasswd.users would only contain your
admin accounts. I haven't tested this.
--
Marc
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list