For allowing a user view-only access only to some hosts in Nagios webview you have to implement following changes:
Note: Jump to 3. if you already have password protected authentication enabled
- Edit the
cgi.cfglocated in your nagios installation (e.g./usr/local/nagios/etc) to enable password protected login:use_authentication=1 - In the
nagios.conffile in your Apache installation directory, verify that the following lines are included to point to thehtpasswd.usersfile:AuthName "Nagios Access" AuthType Basic AuthUserFile /usr/local/nagios/etc/htpasswd.users Require valid-user - Add the user to the
htpasswd.usersfile using thehtpasswdcommand and the Apache HTTPD password manager. Location could vary depending on your system; a few common locations for it are/usr/binand/usr/local/apache/bin:# htpasswd /usr/local/nagios/etc/htpasswd.users testuser01 New password: Re-type new password: Adding password for user testuser01 - Edit the
cgi.cfglocated in your nagios installation; uncommentauthorized_for_read_onlyand add the username(s) for which you want to grant the access:authorized_for_read_only=testuser1 - Create an entry for the user in
objects/contacts.cfgfrom your nagios installation:define contact { contact_name testuser01 use generic-contact alias Test User 01 email [email protected] } - In the same
objects/contacts.cfgdefine also a group that will hold the user and other future users that will need same access to same hosts – easier to manage when users are contain in groups:define contactgroup { contactgroup_name view-only-host01 alias View Only access to alarms for Host01 members testuser01 } - Take the contactgroup defined previously,
view-only-host01, and in the .cfg of your host (e.g.objects/host01.cfg) add it to every service for which you want to grant the view only access:define service{ service_description Alarm for Test service - Metric 01 check_command webinject!test/test.xml servicegroups availability contact_groups admins,view-only-host01 } - Restart nagios