Nagios Support Forum

Posted: **Wed Mar 23, 2016 8:22 am**

Hi Everyone,

Currently whenever we have a low toner alert the customers receive a warning telling them the toner is low with a link to nagios, due to the way i have it configured it they can click on the link and they get an access denied to view page.

I've had requests to allow the users to be able to click on the link and acknowledge the problem themselves. I use a script to customise the nagios alert.

Code: Select all

Nagios Monitoring System Notification
Ramsdens Financial
Notification Type:	PROBLEM
Service Name:	Oak_PVWatcher
Service Group:	
Service Status:	CRITICAL
Service Data:	PVWatcher.exe: not running 

Hostname:	DR1

Hostalias:	DR1
IP Address:	xxx.xxx.xxx.xxx
Hostgroup:	windows-servers

Event Time:	Tue Mar 22 12:47:39 GMT 2016

The service data PVWatcher.exe: not running is a hyperlink http://nagios.fm4dd.com/nagios/cgi-bin/ ... _PVWatcher

Is there a way to create a user that can only view certain things and only acknowledge problems?

Posted: **Wed Mar 23, 2016 9:33 am**

I'm following instructions i've found here

http://linuxsysadminblog.com/2009/05/se ... -services/

So using one of our IT guys as a test, i've created a user called chris

Code: Select all

define contact{
        contact_name                    chris
        alias                           Chris James
        service_notification_period     workhours
        host_notification_period        workhours
        service_notification_options    w,u,c,r
        host_notification_options       d,r
        service_notification_commands   service-email-html-int-en
        host_notification_commands      host-email-html-int-en
        email                           [email protected]
        }

define contactgroup{
        contactgroup_name       viewprinter
        alias                   People who can only View Printers
        members                 chris
        }

I've then modified one of our printers as such

Code: Select all

define host{
        use                             generic-printer         ; Inherit default values from a template
        host_name                       IT                      ; The name we're giving to this printer
        alias                           IT Support Printer      ; A longer name associated with the printer
        address                         192.168.1.199           ; IP address of the printer
        hostgroups                      network-printers        ; Host groups this printer is associated with
        parents                         Printers                ; Details specific for MAP
        notification_interval           10080                   ; Notify period in minutes
        contact_groups                  itho,viewprinter        ; Department Responsible
        }

In the cgi.cfg i've added him as a read-only.

Code: Select all

# READ-ONLY USERS
# A comma-delimited list of usernames that have read-only rights in
# the CGIs.  This will block any service or host commands normally shown
# on the extinfo CGI pages.  It will also block comments from being shown
# to read-only users.

authorized_for_read_only=chris

When i login as chris to Nagios, i can see nothing, have i missed something?

Posted: **Wed Mar 23, 2016 10:19 am**

I have managed to solve this, just a bit more tweeking with the configure files and services.

Is there a way to only allow them to Acknowledge a problem and nothing else however?

Posted: **Wed Mar 23, 2016 11:50 am**

What permissions do you have added for 'chris' in the cgi.cfg config currently after making your changes?

Posted: **Wed Mar 23, 2016 11:58 am**

I ended up leaving him with everything;

Code: Select all

authorized_for_system_information=chris, others
authorized_for_configuration_information=chris, others
authorized_for_system_commands=chris, others
authorized_for_all_services=chris,others
authorized_for_all_hosts=chris,others
authorized_for_all_service_commands=chris,others
authorized_for_all_host_commands=chris,others

Posted: **Wed Mar 23, 2016 4:13 pm**

nathanplatt wrote:Is there a way to only allow them to Acknowledge a problem and nothing else however?

I guess this depends on what exactly you want to do - are you looking to have *any* contact be able to acknowledge *any* problem, or just those to which the contact is assigned?

Posted: **Thu Mar 24, 2016 6:15 am**

Hi,

The situation is I want 1 user to be able to acknowledge a problem with their printer. Example;

Accounts - Ink level is low
Accounts - Acknowledge the problem

No other access

Nathan

Posted: **Thu Mar 24, 2016 10:40 am**

Do you have each individual contact assigned to the host / service in question? In this case, 'chris'.

Posted: **Thu Mar 24, 2016 11:08 am**

I have managed to create a user that can only see the printers in the company, but it gives them all the options, all i want to give them is acknowledge.

Posted: **Thu Mar 24, 2016 4:39 pm**

I think I understand what you mean now - in addition to acknowledging, this user is currently also able to disable notifications, put in downtime, etc? If that's the case this is not possible, as the authorized_for_system_commands setting applies to all commands, and does not have options to fine-grain down to just an acknowledgement.

Nagios Support Forum

Configuring anyone to be able to acknoledge problems?

Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?

Re: Configuring anyone to be able to acknoledge problems?