Problem with group management for right about thruk HOT 5 CLOSED

This is not possible. You can only assign contacts, not contact_groups in the cgi.cfg. But would be a nice feature.

from thruk.

I confirm that this is working partially.
My user is in the admins groups and have almost all access.
another user, not in this group, can only see its hosts.
should have been added with this commit (August 03, 2011) : 71c6e83 fixed backends using groups authentication

from thruk.

You are refering a totally different feature. If you are using more than one backend. You can use the "group" attribute of your peer config to exclusivly make this peer available to specific groups. This has nothing to do with the cgi.cfg.

from thruk.

ok, so I don't know why (for the moment) but this is working for hosts view, service view, commands(involuntary feature ? :) .

My rights configuration in cgi.cfg:

use_authentication=1
default_user_name=
authorized_for_system_information=admins
authorized_for_configuration_information=admins
authorized_for_system_commands=admins
authorized_for_all_services=admins
authorized_for_all_hosts=admins
authorized_for_all_service_commands=admins
authorized_for_all_host_commands=admins

One of my nagios hosts :
define host {
host_name sigxmapp01
alias sigxmapp01
address 192.168.54.108
check_command check-host-alive
notification_interval 15
notification_options d,u,r
max_check_attempts 3
check_period 24x7
notification_period 24x7
use tpl_host_doc_wiki,tpl_host_sigxmsup01_pnp4nagios
contact_groups admins
}

define host {
host_name sigxmapp02
alias sigxmapp02
address 192.168.54.109
check_command check-host-alive
notification_interval 15
notification_options d,u,r
max_check_attempts 3
check_period 24x7
notification_period 24x7
use tpl_host_doc_wiki,tpl_host_sigxmsup01_pnp4nagios
contact_groups admins,project1_users
}

my contact_groups :
define contactgroup {
contactgroup_name admins
alias Nagios Administrators
members admin1, admin2, admin3
}
define contactgroup {
contactgroup_name project1_users
alias project1_users
members project1_user1,project1_user2
}

My authentification is based on ldap (ldap authent done with Apache).

Logged in truk with admin1, I could do almost all things with all hosts (admins is a contact_group for all my hosts) except the Process Info and System->Configuration.
Logged in truk with project1_user1, I could only access to the hosts with project1_users in contact_group.

After new tests, I can reproduce this with version 1.0.8, I change the issue title.

from thruk.

Ok, so when your admin group is contact for your hosts and services, you are allowed to see them because you are a contact for these hosts.
The cgi.cfg is for global overrides. You will see the same hosts and services if you remove "admins" from the cgi.cfg. This is all about host and
service contacts.
Then, when you remove your user "admin1" from the admins group and put the username in the cgi.cfg, you will see all hosts and services
again because then you have a global permission override.

See http://nagios.sourceforge.net/docs/3_0/cgiauth.html for details.

from thruk.