User permissions on the Nagios CGI?

carbohydrate · August 26, 2008, 4:49pm

I was wondering if there was any way to assign granular rights on the Nagios CGI?

Specifically, I want to give certain users to view information about certain hosts (or even all hosts as long as its Read Only data) such as host problems, alerts, etc. I do not want any of them to be able to disable alerts.

I am using Nagios 2, and looking through the Authentication and Authorization page (nagios.sourceforge.net/docs/2_0/cgiauth.html) it looks like I can only assign authenticated contacts with at minimum the default permission set. However, this wont work for me since these users all would have the ability to control their own alerts.

Am I reading this wrong, or is there a way to accomplish this?

thanks!

TheWired · August 26, 2008, 5:39pm

Check out cgi.cfg. I know you can set specific users for certain authorizations on services and hosts. For each user that you create you want to make sure they are specified in this file to give them the rights that you want. It is more granular than just basic rights, but it may not be as granular as you want.

Loose · August 27, 2008, 8:21am

bad news: I really think that you are NOT reading this wrong:
I’ve also tried to do the same, but as soon as you authorize a contact group to view certain hosts, you give these users all the rights on these hosts/services…

So, right now, I’ve got the same problem as yours, and I’ve never seen anything on this subject (although, I must say that I didn’t really search a lot … as in the end, I just refused any user who wanted access…which is much much easier to do than having to maintain users right by hand :))

but if you find anything worth on this subject, don’t hesitate to post it

carbohydrate · August 27, 2008, 4:50pm

Thanks for the replies everyone. I’ve done some additional digging around as well with no results. I will post anything I find.

And · May 26, 2009, 2:06pm

Good Afternoon!
Trying to bump this thread up, I couldn’t find a way to change CGIs default permission as well,sigh…
Thanks in advance!

And

corcoran · June 1, 2009, 2:25pm

you ‘just’ want certain users to see certain hosts?

And · June 3, 2009, 8:10am

Good Morning! No, I’d like to hide windows not avalaible to certain user, for exampls “user01” can’t access (view the link to) “Availability” page.
Thanks for your answer.

And

corcoran · June 3, 2009, 8:12am

it’s probably easier to create a new contact and put it in a new contact group which corresponds to the hosts/services you want the person to see and then corresponding username/password for access to apache/nagios web.

And · June 3, 2009, 9:01am

Yes, this is what I did and it works well. It’s just that some users can access too many informations and I can’t limit them. I want som e people to only view some basic notifications.

And