Nagios Support Forum

Hello everyone.

We came across with task to allow our users, who work in our first level of technical support, get right to write comment via web-interface. At this moment our colleagues, who work in the first level of technical support, use nagios guest account to do their job. We would like to grant minimum rights to our first level tech support, so we want allow them only right to write comments and rights, that already have nagios guest account.

I have looked inside /etc/nagios/cgi.cfg to find something, that could help us if we create new user account in nagios for that purposes. But among available rights at /etc/nagios/cgi.cfg I couldn't have found something that can help our requirement.

Could you advice me, please, what should I do, what way should I use, where to look at to find solution our question.

By the way, we are using Nagios Core Version 3.5.1.

With hope for help.
Sergey.

The document relating to permissions for users can be found here, https://assets.nagios.com/downloads/nag ... iauth.html

Take a look at it, and it should clear up any questions you may have. I believe that the permission needed for a note is authorized_for_all_services and authorized_for_all_hosts.

rkennedy wrote:The document relating to permissions for users can be found here, https://assets.nagios.com/downloads/nag ... iauth.html

Take a look at it, and it should clear up any questions you may have. I believe that the permission needed for a note is authorized_for_all_services and authorized_for_all_hosts.

Thanks for your answer and wishes to help us.
I have read link, you have written. Unfortunately I have not found solution for us.

If I use following statments for defined user in /etc/nagios/cgi.cfg:
authorized_for_all_services=
authorized_for_all_hosts=
This user get only rights to view web fields with comments and other fields. But have no right to write comment and have no right to apply any other command via web interface.

If I grant to the user these statments:
authorized_for_all_service_commands=
authorized_for_all_host_commands=
This user will get all rights to execute any command via web-GUI, but we want to grant only command that allow read and write comments.

Quick remark about “authorized_for_read_only=” option.
If we see its comment in file /etc/nagios/cgi.cfg, we can view that “It will also block comments from being shown to read-only users.”
...
# READ-ONLY USERS
# A comma-delimited list of usernames that have read-only rights in
# the CGIs. This will block any service or host commands normally shown
# on the extinfo CGI pages. It will also block comments from being shown
# to read-only users.

authorized_for_read_only=guest
...
It explain why guest user cannot even see comments at all on nagios GUI web pages.

With best regards,
Sergey

Does anybody know - newer nagios version, than we use to, or even enterprise nagios version - is it supports described above feature or no?

belogrud wrote:This user will get all rights to execute any command via web-GUI, but we want to grant only command that allow read and write comments.

There is no option to allow *only* reading and writing comments, and in XI we are working to make the permissions more granular but this is not currently available.

I was able to accomplish this in Nagios XI and the "Object Notes" component. Here's the security settings I used for my user:
I had to modify the "objectnotes.php" and the "objectnotes.inc.php" files a bit in order to allow all users to add/edit notes. This way all users can post notes, but they can't modify host/services, run external commands, etc. Example:

Thanks a lot.
I'm very thankful and really appreciate your answers.
It will very help us to find a way what we would do with our difficulties.

With best regards,
Sergey

Glad we were able to help. We'll lock this thread now and feel free to open another should you require assistance with anything else.