Re: [Nagios-users] Users able to see services their not authenticated for
On Mar 27, 2009, at 2:46 AM, Tore Lønøy wrote:
>
> I tried to create a "no-contactgroup" which has no members:
> define contactgroup {
> contactgroup_name no-contactgroup
> alias Group with none-existing user
> }
>
>
> And the service:
> define service {
> host_name XXX
> service_description XXX
> check_period24x7
> check_command check_nrpe!XXX
> contact_groups no-contactgroup
> notification_period 18x7
> initial_state o
> []...
> }
>
> And the host:
> define host {
> host_name XXX
> alias XXX
> address XXX
> parents XXX2
> check_command check-host-alive
> contact_groups support
> [...]
> }
>
> Neither the host or the service have a contacts variable defined.
This does help clarify. If that service is applied to that host, then
'support' will indeed see that service but no one else will. Contacts
for hosts will automatically see all services on that host
(effectively they're at a higher level). See
http://nagios.sourceforge.net/docs/3_0/cgiauth.html
. That particular authorization can't be restricted AFAIK.
--
Marc
--
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting
any issue.
::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Users able to see services their not authenticated for
On Mar 26, 2009, at 10:51 AM, Tore L?n?y wrote:
> I've zeroed out the values for contacts and contactgroups, which
> should effectivly hide this service unless cgi.cfg tells otherwise
> for that user.
>
> But, any user is able to view this service, why?
>
> Ive tried to add myself to the contacts line and remove the
> contact_groups, so it would look like this:
> contacts tore
> #contact_groups
>
> But this still doesnt work, are regular operators are still able to
> view the service, why? Operators are members of a "operators" group,
> which is a contactgroup for all hosts.
<<
http://nagios.sourceforge.net/docs/3_0/objectinheritance.html#implied_inheritance
<<
<< --
<< Marc
Hey Marc,
Thanks for the info, much appriciated. However, I cannot seem to understand
why all my users can view the service when the contacts and contact_groups
have no entries. As far as I understand the document in question, thoose
values are only inherited from the host when thoose values arn't defined in
the service object (in the cfg file).
I tried to create a "no-contactgroup" which has no members:
define contactgroup {
contactgroup_name no-contactgroup
alias Group with none-existing user
}
And the service:
define service {
host_name XXX
service_description XXX
check_period24x7
check_command check_nrpe!XXX
contact_groups no-contactgroup
notification_period 18x7
initial_state o
[]...
}
And the host:
define host {
host_name XXX
alias XXX
address XXX
parents XXX2
check_command check-host-alive
contact_groups support
[...]
}
Neither the host or the service have a contacts variable defined.
Am I missing something?
Thanks for the help!
--
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting
any issue.
::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Users able to see services their not authenticated for
On Mar 26, 2009, at 10:51 AM, Tore Lønøy wrote: > I've zeroed out the values for contacts and contactgroups, which > should effectivly hide this service unless cgi.cfg tells otherwise > for that user. > > But, any user is able to view this service, why? > > Ive tried to add myself to the contacts line and remove the > contact_groups, so it would look like this: > contacts tore > #contact_groups > > But this still doesnt work, are regular operators are still able to > view the service, why? Operators are members of a "operators" group, > which is a contactgroup for all hosts. http://nagios.sourceforge.net/docs/3_0/objectinheritance.html#implied_inheritance -- Marc -- ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] Users able to see services their not authenticated for
Hello,
I have a service I just want a certain group to be able to view, here is the
object def. of the service from objects.cache:
define service {
host_name hostname
service_description description
check_period24x7
check_command check_nrpe!service
contacts
contact_groups
notification_period 18x7
initial_state o
check_interval 2.00
retry_interval 5.00
max_check_attempts 4
is_volatile 0
parallelize_check 1
active_checks_enabled 1
passive_checks_enabled 0
obsess_over_service 0
event_handler_enabled 0
low_flap_threshold 0.00
high_flap_threshold 0.00
flap_detection_enabled 1
flap_detection_options o,w,u,c
freshness_threshold 0
check_freshness 0
notification_optionsc,r
notifications_enabled 0
notification_interval 60.00
first_notification_delay0.00
stalking_optionsn
process_perf_data 1
failure_prediction_enabled 1
icon_image graph.png
retain_status_information 1
retain_nonstatus_information1
}
I've zeroed out the values for contacts and contactgroups, which should
effectivly hide this service unless cgi.cfg tells otherwise for that user.
But, any user is able to view this service, why?
Ive tried to add myself to the contacts line and remove the contact_groups,
so it would look like this:
contacts tore
#contact_groups
But this still doesnt work, are regular operators are still able to view the
service, why? Operators are members of a "operators" group, which is a
contactgroup for all hosts.
Any tips would be gratefull :)
Running Nagios 3.0.1
--
___
Nagios-users mailing list
Nagios-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting
any issue.
::: Messages without supporting info will risk being sent to /dev/null
