Re: [Nagios-devel] Advanced permissions/user properties
Posted: Sat Nov 11, 2006 4:39 am
Joerg Linge wrote:
> Am Samstag, 11. November 2006 03:54 schrieb Alex Burger:
>>
>> Here is a description of the option for cgi.cfg and nagios.cfg:
>>
>> # DEFAULT HOST/SERVICE PERMISSIONS
>> # This option contains a list of default permissions for hosts and
>> # services that will be used when permissions are not explicitly
>> # set on a host or service. When not defined, the default is all
>> # permissions (rwxn). Note: This option must be set the same in
>> # both cgi.cfg and nagios.cfg.
>>
>> #default_permissions=rwxn
>
> I think the default perms should be added to a contact or contactgroup.
>
> So i can give the Contact "netop" the Perms "r n" globaly.
>
> define contact{
> contact_name netop
> permissions r,n
> ....
> }
>
> or
>
> define contactgroup{
> contactgroup_name netpos
> member netop
> permissions r,n
> ....
> }
>
Certainly a tempting solution, but it would require that the core and
cgi config parsing code uses different code for evaluating the config,
which would require a huge effort.
As much as I like the result of these patches, I feel it would be better
to implement them in the up-and-coming PHP gui that will be introduced
with Nagios 3.0, where each service and host will most likely get a lote
more granular gui viewing permissions and that config will be stored in
a database or a separate file that the core doesn't have to worry about.
One of the major problems with enhancing the code today is that the gui
uses (roughly) the same data-structures and functions to do its work, so
core modifications affect the gui as well. This is a Bad Thing, and
makes it difficult to foresee all ramifications of changes both in gui
and in core.
With a gui that has its code well separated from the code it would be
very easy to do all sorts of fun experimental prototyping.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]
> Am Samstag, 11. November 2006 03:54 schrieb Alex Burger:
>>
>> Here is a description of the option for cgi.cfg and nagios.cfg:
>>
>> # DEFAULT HOST/SERVICE PERMISSIONS
>> # This option contains a list of default permissions for hosts and
>> # services that will be used when permissions are not explicitly
>> # set on a host or service. When not defined, the default is all
>> # permissions (rwxn). Note: This option must be set the same in
>> # both cgi.cfg and nagios.cfg.
>>
>> #default_permissions=rwxn
>
> I think the default perms should be added to a contact or contactgroup.
>
> So i can give the Contact "netop" the Perms "r n" globaly.
>
> define contact{
> contact_name netop
> permissions r,n
> ....
> }
>
> or
>
> define contactgroup{
> contactgroup_name netpos
> member netop
> permissions r,n
> ....
> }
>
Certainly a tempting solution, but it would require that the core and
cgi config parsing code uses different code for evaluating the config,
which would require a huge effort.
As much as I like the result of these patches, I feel it would be better
to implement them in the up-and-coming PHP gui that will be introduced
with Nagios 3.0, where each service and host will most likely get a lote
more granular gui viewing permissions and that config will be stored in
a database or a separate file that the core doesn't have to worry about.
One of the major problems with enhancing the code today is that the gui
uses (roughly) the same data-structures and functions to do its work, so
core modifications affect the gui as well. This is a Bad Thing, and
makes it difficult to foresee all ramifications of changes both in gui
and in core.
With a gui that has its code well separated from the code it would be
very easy to do all sorts of fun experimental prototyping.
--
Andreas Ericsson [email protected]
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
This post was automatically imported from historical nagios-devel mailing list archives
Original poster: [email protected]