Restrict access to Nagios web interface


#1

Dear all,

I would like to restrict access for some users in Nagios Web to view just hosts and servers that are members of some hosts groups and services groups, e.g:

  • These users could be able to view informations of hosts;
  • These users could be able to view informations of services associated of hosts;
  • These users could be able to schedule a downtime of associated hosts.

Someone knows a simple way to do it?

Thank you for your attention.

Emerson Candido


#2

if you put a user in the .htpasswd file and in the contacts for a host/service the user will be able to completely see and manage the host/service.

As far as i know it’s not possible to only show info about a host/service without enabling all commmands.


#3

Hello,

Just joined this forum. Found this thread while google searching the exact same topic, but I found a different answer then what luca mentioned.

Check out: homepage.mac.com/duling/halfdoze … to-p1.html

Interestingly:

[quote]6.4. Limit user rights

Now that you have a Nagios “superuser” that has rights to view all host and services, you may also want to have users with restricted viewing rights for others persons. To do so for local user/password authentication, create Apache users whose names match Nagios contact names. To do so with ldap authentication, just choose your Nagios contact names to match your ldap usernames. When Nagios web interface users match Nagios contact names, the Nagios web interface user may only view those hosts and services for which his user is listed as a contact.[/quote]

It doesn’t give you option 3, but with some added contact entries, 1 and 2 are certainly doable.


#4

Have you tried it?

As far as i know (tried on older versions and i never heard of changes) a user enabled for viewing has total control of the command part of nagios, including scheduling downtimes, disabling checks and so on.