Re: [Nagios-users] Users able to see services their not authenticated for
On Mar 27, 2009, at 2:46 AM, Tore Lønøy wrote: > > I tried to create a "no-contactgroup" which has no members: > define contactgroup { > contactgroup_name no-contactgroup > alias Group with none-existing user > } > > > And the service: > define service { > host_name XXX > service_description XXX > check_period24x7 > check_command check_nrpe!XXX > contact_groups no-contactgroup > notification_period 18x7 > initial_state o > []... > } > > And the host: > define host { > host_name XXX > alias XXX > address XXX > parents XXX2 > check_command check-host-alive > contact_groups support > [...] > } > > Neither the host or the service have a contacts variable defined. This does help clarify. If that service is applied to that host, then 'support' will indeed see that service but no one else will. Contacts for hosts will automatically see all services on that host (effectively they're at a higher level). See http://nagios.sourceforge.net/docs/3_0/cgiauth.html . That particular authorization can't be restricted AFAIK. -- Marc -- ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Users able to see services their not authenticated for
On Mar 26, 2009, at 10:51 AM, Tore L?n?y wrote: > I've zeroed out the values for contacts and contactgroups, which > should effectivly hide this service unless cgi.cfg tells otherwise > for that user. > > But, any user is able to view this service, why? > > Ive tried to add myself to the contacts line and remove the > contact_groups, so it would look like this: > contacts tore > #contact_groups > > But this still doesnt work, are regular operators are still able to > view the service, why? Operators are members of a "operators" group, > which is a contactgroup for all hosts. << http://nagios.sourceforge.net/docs/3_0/objectinheritance.html#implied_inheritance << << -- << Marc Hey Marc, Thanks for the info, much appriciated. However, I cannot seem to understand why all my users can view the service when the contacts and contact_groups have no entries. As far as I understand the document in question, thoose values are only inherited from the host when thoose values arn't defined in the service object (in the cfg file). I tried to create a "no-contactgroup" which has no members: define contactgroup { contactgroup_name no-contactgroup alias Group with none-existing user } And the service: define service { host_name XXX service_description XXX check_period24x7 check_command check_nrpe!XXX contact_groups no-contactgroup notification_period 18x7 initial_state o []... } And the host: define host { host_name XXX alias XXX address XXX parents XXX2 check_command check-host-alive contact_groups support [...] } Neither the host or the service have a contacts variable defined. Am I missing something? Thanks for the help! -- ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
Re: [Nagios-users] Users able to see services their not authenticated for
On Mar 26, 2009, at 10:51 AM, Tore Lønøy wrote: > I've zeroed out the values for contacts and contactgroups, which > should effectivly hide this service unless cgi.cfg tells otherwise > for that user. > > But, any user is able to view this service, why? > > Ive tried to add myself to the contacts line and remove the > contact_groups, so it would look like this: > contacts tore > #contact_groups > > But this still doesnt work, are regular operators are still able to > view the service, why? Operators are members of a "operators" group, > which is a contactgroup for all hosts. http://nagios.sourceforge.net/docs/3_0/objectinheritance.html#implied_inheritance -- Marc -- ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null
[Nagios-users] Users able to see services their not authenticated for
Hello, I have a service I just want a certain group to be able to view, here is the object def. of the service from objects.cache: define service { host_name hostname service_description description check_period24x7 check_command check_nrpe!service contacts contact_groups notification_period 18x7 initial_state o check_interval 2.00 retry_interval 5.00 max_check_attempts 4 is_volatile 0 parallelize_check 1 active_checks_enabled 1 passive_checks_enabled 0 obsess_over_service 0 event_handler_enabled 0 low_flap_threshold 0.00 high_flap_threshold 0.00 flap_detection_enabled 1 flap_detection_options o,w,u,c freshness_threshold 0 check_freshness 0 notification_optionsc,r notifications_enabled 0 notification_interval 60.00 first_notification_delay0.00 stalking_optionsn process_perf_data 1 failure_prediction_enabled 1 icon_image graph.png retain_status_information 1 retain_nonstatus_information1 } I've zeroed out the values for contacts and contactgroups, which should effectivly hide this service unless cgi.cfg tells otherwise for that user. But, any user is able to view this service, why? Ive tried to add myself to the contacts line and remove the contact_groups, so it would look like this: contacts tore #contact_groups But this still doesnt work, are regular operators are still able to view the service, why? Operators are members of a "operators" group, which is a contactgroup for all hosts. Any tips would be gratefull :) Running Nagios 3.0.1 -- ___ Nagios-users mailing list Nagios-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/nagios-users ::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. ::: Messages without supporting info will risk being sent to /dev/null