在安装Nagios的时候只定义了一个有admin权限的用户。但是在实际使用过程中,也许需要让其他的用户可以访问页面查看host或service的情况。因此我们需要添加额外的不具备admin权限的用户来访问web页面。
假设我们要再创建一个叫viewer的用户,并授权这个用户可以查看所有的hosts和services的情况。
1. 用htpasswd添加用户
htpasswd /usr/local/nagios/etc/htpasswd.users viewer
输入密码并确认
2. 修改/usr/local/nagios/etc/cgi.cfg文件
# GLOBAL HOST/SERVICE VIEW ACCESS
# These two options are comma-delimited lists of all usernames that
# can view information for all hosts and services that are being
# monitored. By default, users can only view information
# for hosts or services that they are contacts for (unless you
# you choose to not use authorization). You may use an asterisk (*)
# to authorize any user who has authenticated to the web server.
authorized_for_all_services=nagios,viewer
authorized_for_all_hosts=nagios,viewer
和
# READ-ONLY USERS
# A comma-delimited list of usernames that have read-only rights in
# the CGIs. This will block any service or host commands normally shown
# on the extinfo CGI pages. It will also block comments from being shown
# to read-only users.
#authorized_for_read_only=user1,user2
authorized_for_read_only=viewer
因为viewer只需要查看web页面,不需要执行命令,所以只在这两处添加。如果read_only的地方不添加,那么viewer将获得在具体的host或者service页面执行比如re-schedule等命令的权限。
3. 重启httpd和nagios服务
4. 在web界面用viewer账户登录,即可查看所有hosts和services的情况,但在具体到某个host或service页面的时候,右侧会显示:
Host Commands
Your account does not have permissions to execute commands.
|