Nagios Support Forum

I'm having some trouble getting nagios configured to allow authorization for users I've added.

I have successfully created new users who can log in with their given password and control hosts/services/etc that they are a contact for, but I am having issues granting permission for them to manage things that they are not a contact for.

For example, I want my boss to have his own login where he is essentially given the same permissions as the "nagiosadmin" user. Unfortunately, when logged in under his user name, he cannot view my test dummy hosts that he isn't a contact for. I've added his username, lets call him bob, everywhere that nagiosadmin appears in the cgi config file located in /usr/local/nagios/etc/cgi.cfg so that things that used to look like

authorized_for_all_service_commands=nagiosadmin

now are
authorized_for_all_service_commands=nagiosadmin,bob

I have done this for all of the authorization lines in the file. I've restarted the nagios service, httpd, and even the machine itself. I've also cleared cookies and the cache from my browser, still no dice. I'm having similar issues getting a "read only user" working, where that user can login but can't view anything (as they aren't a contact for anything).

I'm sure I'm missing something really obvious here, any ideas? I'm pretty much a complete newbie as far as authentication protocols.

Hi Brad,

Is your boss in the htpasswd.users file or whatever Authentication type you use.

I have literaly created a test user that is not defined in any off my configs apart from htpasswd.users.

it can login and see all servers and services

from cgi.cfg
authorized_for_system_information=nagiosadmin,test
authorized_for_configuration_information=nagiosadmin,test
authorized_for_system_commands=nagiosadmin,test
authorized_for_all_services=nagiosadmin,test
authorized_for_all_hosts=nagiosadmin,test

from htpasswd.uswers
test:1tJVDnxy2Fwco


Its going to be authentication for both your issues.

Regards

Tom

I forgot the lines as well

authorized_for_all_service_commands=nagiosadmin,test
authorized_for_all_host_commands=nagiosadmin,test

twelsh is correct. In the cgi.cfg, you should have:
in order for bob to see all hosts and services
in order to allow bob to run commands

twelsh wrote:Hi Brad,

Is your boss in the htpasswd.users file or whatever Authentication type you use.

I have literaly created a test user that is not defined in any off my configs apart from htpasswd.users.

it can login and see all servers and services

from cgi.cfg
authorized_for_system_information=nagiosadmin,test
authorized_for_configuration_information=nagiosadmin,test
authorized_for_system_commands=nagiosadmin,test
authorized_for_all_services=nagiosadmin,test
authorized_for_all_hosts=nagiosadmin,test

from htpasswd.uswers
test:1tJVDnxy2Fwco


Its going to be authentication for both your issues.

Regards

Tom

Hi Tom,

Yes, my boss is showing up in my htpasswd file. He was also added to the end of all of the statements posted here, I only arbitrarily chose the one in my original post as an example, sorry if that wasn't clear.

The thing is... oddly enough the issue seems to have resolved itself. I literally haven't modified any files, I tested it one last time before I posted in this thread again, and for some reason it's fine now.

The only issue I have remaining is with the "read only user". I set up a user account "visitor" who is visible in the htpasswd file and able to login, but unable to view any hosts/services/etc. The commenting above the authorized_for_read_only line makes it seem like I shouldn't need to add "visitor" to any other authorization lines in the file (comment pasted below). Is this not the case?

You will still need to enable some options for the read only user, as by default, they are not authorized to view any of the CGIs. See the following document: http://nagios.sourceforge.net/docs/3_0/cgiauth.html

Will do. Just wanted to make sure I wasn't missing something. Would prefer to keep auth at the minimum required to get what I want =D


Thanks folks!