Hi Luca,
this part of your cgi.cfg should normally control the use of the external commands

> authorized_for_all_host_commands=nagiosadmin,web
> authorized_for_all_service_commands=nagiosadmin,web

This means that with your actual config the user nagiosadmin and the user web should be allowed to set an external command like described in the default cgi.cfg

<snip-->
# GLOBAL HOST/SERVICE COMMAND ACCESS
# These two options are comma-delimited lists of all usernames that
# can issue host or service related commands via the command
# CGI (cmd.cgi) for all hosts and services that are being monitored.
# By default, users can only issue commands for hosts or services
# that they are contacts for (unless you you choose to not use
# authorization). You may use an asterisk (*) to authorize any
# user who has authenticated to the web server.
<snip--/>

kind regards
Dennis

> Hi all,
> I have enabled the external commands and all works fine. Now I want to
> limit the execution of external commands through the web interface to only
> a few users, but I don't know how I can do it.
>
> I have 2 "users":
> - web: this is the admin, it works great, no problem with this user (it is
> only an apache user)
> - LucaGmail: this is the user that accesses the nagios web interface
> and that I want to limit; it can view only the services and hosts associated
> to it (this is good) and can execute external commands (this is not
> good); (LucaGmail is a "contact" for nagios and an apache user).
>
> How can I limit the execution of external commands?
>
> below you can see some configuration of my installation:
>
> in cgi.cfg
>
> I set "use_authentication" to 1
>
> default_user_name=nagiosadmin
> authorized_for_system_information=nagiosadmin,theboss,jdoe,web
> authorized_for_system_commands=nagiosadmin,web
> authorized_for_configuration_information=nagiosadmin,jdoe,web
> authorized_for_all_services=nagiosadmin,guest,web
> authorized_for_all_hosts=nagiosadmin,guest,web
> authorized_for_all_host_commands=nagiosadmin,web
> authorized_for_all_service_commands=nagiosadmin,web
>
> and in the htpasswd.user there are 2 users:
> web
> LucaGmail
>
> in the httpd.conf
>
> ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
> <Directory "/usr/local/nagios/sbin">
>     Options ExecCGI FollowSymLinks
>     AllowOverride None
>     Order allow,deny
>     Allow from all
>     AuthName "Nagios Access"
>     AuthType Basic
>     AuthUserFile /usr/local/nagios/etc/htpasswd.users
>     Require valid-user
> </Directory>
>
> an ls -la of the "rw" directory gives me:
>
> drwxrws--- 2 nagios nagcmd 4096 Oct 11 16:10 .
> drwxrwxr-x 5 nagios nagcmd 4096 Oct 12 10:19 ..
> prw-rw---- 1 nagios nagcmd 0 Oct 11 17:32 nagios.cmd
>
> in the nagcmd group there are these users:
> -apache (webserver user)
> -nagios
>
>
> sorry for my English... if you need more info ask without problem
>
> Thank you
> bye
> Luca
>
> -------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? Stop.
> Now Search log events and configuration files using AJAX and a browser.
> Download your FREE copy of Splunk now >> http://get.splunk.com/
> _______________________________________________
> Nagios-users mailing list
> Nagios-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/nagios-users
> ::: Please include Nagios version, plugin version (-v) and OS when
> reporting any issue.
> ::: Messages without supporting info will risk being sent to /dev/null
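
An added example, not part of the original thread and not Nagios project code: a small audit that reads the cgi.cfg directives quoted above and reports, for each web user, whether command rights come from a global grant or only from contact membership. The function names, the report layout and the inline sample data are assumptions made for this illustration.

```python
# Added example: audit who may submit external commands through cmd.cgi.
# CGI_CFG (command-relevant subset) and HTPASSWD_USERS are constructed from the thread.
CGI_CFG = """\
use_authentication=1
default_user_name=nagiosadmin
authorized_for_system_commands=nagiosadmin,web
authorized_for_all_hosts=nagiosadmin,guest,web
authorized_for_all_host_commands=nagiosadmin,web
authorized_for_all_service_commands=nagiosadmin,web
"""
HTPASSWD_USERS = ["web", "LucaGmail"]
COMMAND_KEYS = ("authorized_for_system_commands",
                "authorized_for_all_host_commands",
                "authorized_for_all_service_commands")

def parse_cgi_cfg(text):
    """Return {directive: value}, skipping blank lines and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def names(cfg, key):
    """Split a comma-delimited user list into a set of names."""
    return {n.strip() for n in cfg.get(key, "").split(",") if n.strip()}

def audit(cfg_text, web_users):
    cfg = parse_cgi_cfg(cfg_text)
    auth_on = cfg.get("use_authentication") != "0"
    report = {"users": {}, "warnings": []}
    if not auth_on:
        report["warnings"].append("use_authentication=0: no command restrictions")
    for user in web_users:
        keys = [k for k in COMMAND_KEYS
                if not auth_on or names(cfg, k) & {"*", user}]
        # No global grant: commands only for hosts/services the user is a contact for.
        report["users"][user] = keys or ["contact-scoped only"]
    listed = set().union(*(names(cfg, k) for k in COMMAND_KEYS)) - {"*"}
    for ghost in sorted(listed - set(web_users)):
        report["warnings"].append(f"{ghost}: command rights, no htpasswd entry")
    if cfg.get("default_user_name") in listed:
        # Requests reaching the CGIs unauthenticated are treated as this user.
        report["warnings"].append("default_user_name has command rights")
    return report

if __name__ == "__main__": print(audit(CGI_CFG, HTPASSWD_USERS))
```

With the values from the thread, LucaGmail comes out as "contact-scoped only", which matches the default described in the quoted cgi.cfg comment: the commands still available to that user come from being a contact for those hosts and services, not from the authorized_for_all_*_commands lists.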