Restricted access user sees additional hosts

[MalcolmPreen]

I have successfully setup a user, which is only allowed to see a subset of services / hosts.

This is fine for most screens, but when I click on "hostgroups", I am shown some additional hosts with "No matching services"

This appears to be because my configuration has multiple host groups, and hosts can be in more than one hostgroup.

If one of the hosts I am allowed to view, is in multiple hostgroups..... then for each of those hostgroups... I get "details" of all of the hosts within that hostgroup.

If it is not one of my hosts, all I see is the name (with a hyperlink which shows the IP address) and the status (up/down) along with "No matching services".

I would prefer, that these hosts were not shown at all.

When I first discovered this, I was using Nagios Core 3.5.0.... but since then I have also tried 3.5.1 and 4.0.1, both of which seem to exhibit the same behavior.

Have I missed something obvious in the configuration ?

Thanks, Malcolm

[slansing]

As long as you apply the user's contact to only the host that user should be able to see they should not see any other hosts in the host group that the applied host is assigned to. And this is not the case for you correct? I was able to reproduce this in core, but not in Nagios XI on the same server..

Does this user have rights it should not have in the authorized_for definitions of /usr/local/nagios/etc/resource.cfg?

Edit: cgi.cfg not resource..

[MalcolmPreen]

Thanks for your reply..

This is for Nagios Core - not Nagios XI

I don't have any "authorized_for" lines in resource.cfg

All I have is

Code: Select all

[root@HOST /usr/local/nagios/etc]# grep "^authorized_for" *cfg
cgi.cfg:authorized_for_system_information=nagiosadmin
cgi.cfg:authorized_for_configuration_information=nagiosadmin
cgi.cfg:authorized_for_system_commands=nagiosadmin
cgi.cfg:authorized_for_all_services=nagiosadmin
cgi.cfg:authorized_for_all_hosts=nagiosadmin,LIST_OF_UNRESTRICTED_USERNAMES
cgi.cfg:authorized_for_all_service_commands=nagiosadmin
cgi.cfg:authorized_for_all_host_commands=nagiosadmin

The restricted user is not listed in any cfg files.

There are 32 hosts this user should be able to see (and can from the hosts/services links)

For each of these hosts, the restricted user is a member of the contact_group assigned to that host.

There is one hostgroup which contains all 32 of these hosts.... but if I click the hostgroups link, I see 5 host groups;

the "sub-customer" one listed above
two "location" ones - which include other hosts... listed as up/down with "No matching services"
two other "application" ones - which also include other hosts...

I've tried to explain above... but I'm fully aware that a picture would help... but I'm not able to get an image which I can publish without blanking out almost all the customer information... so I will attempt to produce a reduced size example with my own servers which I can publish... hopefully that will be with you tomorrow... (unless the problem is solved by then).

Malcolm

[abrist]

I confirmed this behavior. Please open a bug report at: http://tracker.nagios.org
Link the bug report in this thread.

[MalcolmPreen]

Thanks - bug reported... http://tracker.nagios.org/view.php?id=519

I have also reproduced the issue using non-customer machines - see the attached screen shots

Example output from Hostgroups

Hostgroups / Summary shows total number of hosts/services... not total number of viewable hosts/services

Example output from Hostgroups/Summary

Hostgroups / Grid shows the names of all of the services... including those on non-viewable screens..

Example output from Hostgroups/Grid

Clicking on any of the links which shouldn't be viewable produces no data... but the host/service names should not be viewable.... IMHO

Thanks, Malcolm

[abrist]

Thanks for the thorough bug report. I can confirm every one of those behaviors.

[fm2ahmed]

Hi,

Has this issue been resolved in Nagios?? AS I have got the same issue?

Regards,
Farooq Ahmed

[MalcolmPreen]

Not that I am aware of (although I've not yet upgraded to 4.0.4 - we are running 4.0.2).

We have avoided the problem by using "thruk".

Hope that helps, Malcolm

[fm2ahmed]

Hi,

I have got Nagios 4.0.2 as well and have got the problem.

BTW what is "thruk" and where can I access to resolve the issue??

Regards,
Farooq Ahmed

[MalcolmPreen]

google is your friend...

www.thruk.org

Malcolm

PS - I'll update this report on the success (or otherwise) of testing with 4.0.4 (maybe a few weeks....)