[hobbit] User management for Xymon?!

Johan Sjöberg johan.sjoberg at deltamanagement.se
Thu Jul 8 09:39:45 CEST 2010


> > Just to set up a new user and select the view/folder/sub-folder, where
> > the user has permissions to.
> 
> Well, as others have stated, this is already possible, depending on the web
> server you are using. However, what isn't currently easy is preventing users
> from seeing information about servers they are not supposed to be able to
> see, via the CGIs (which accept hostnames as parameters).

For this, we have created a CGI script that is loaded from hobbitcgi.cfg. The script checks which script is being run; it only allows the ones that do not contain "seccgi". If it is an allowed script, it checks the hostname parameter versus the $REMOTE_USER. We have the customer name in the hostnames, so that works for us. This is really ugly though, and it would be really nice to have it built-in. Maybe also be able to set permissions for the seccgi scripts, for example only showing the allowed hosts in Enable/Disable, and acknowledge.
I have currently fixed the script so that customers can disable and enable from the info pages for their hosts, but I don't think this script would pass a proper security review. It suits our basic needs though, since our Xymon install is only accessible to a few of our customers, via VPN.
We also have .htaccess files in each "page" folder, allowing each customer access. This is what sets the $REMOTE_USER variable.

/Johan
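
The kind of check described in the message above, written deny-by-default, as an added example that is not the script from the post or part of Xymon. It assumes that $REMOTE_USER is the customer name, that hosts are named `<customer>-<rest>`, and that the CGI receives the host as a `HOST=` query parameter; the function name `authorize` is hypothetical.

```sh
#!/bin/sh
# Added example: deny-by-default authorization check for a CGI wrapper.
# Assumptions (not from the post): REMOTE_USER is the customer name, hosts
# are named "<customer>-<rest>", and the CGI takes the host as HOST=<name>.

# authorize SCRIPT_NAME REMOTE_USER QUERY_STRING -> exit status 0 = allow
authorize() {
    script=$1 user=$2 query=$3 host='' count=0

    # No authenticated user, or unexpected characters in the name: deny.
    # A "-" in the user would blur the "<customer>-" boundary checked below.
    case "$user" in
        ''|*[!A-Za-z0-9]*) return 1 ;;
    esac

    # As in the post, scripts with "seccgi" in their name are not allowed.
    case "$script" in
        *seccgi*) return 1 ;;
    esac

    # Split the query string on "&" without glob expansion.
    old_ifs=$IFS; IFS='&'; set -f
    set -- $query
    set +f; IFS=$old_ifs

    for pair in "$@"; do
        # Refuse %-encoding, "+", ";" and anything else outside plain
        # hostname characters, so that a CGI which decodes its input
        # cannot end up with a different value than the one checked here.
        case "$pair" in
            *[!A-Za-z0-9._=-]*) return 1 ;;
        esac
        name=$(printf '%s' "${pair%%=*}" | tr 'a-z' 'A-Z')
        if [ "$name" = HOST ]; then
            count=$((count + 1))
            host=${pair#*=}
        fi
    done

    # Exactly one HOST parameter; duplicates could be resolved differently
    # by the wrapper and by the CGI behind it.
    [ "$count" -eq 1 ] || return 1

    # Anchored match on "<customer>-", not a substring search.
    case "$host" in
        *=*) return 1 ;;
        "$user"-?*) return 0 ;;
    esac
    return 1
}
```

A wrapper would call `authorize "$SCRIPT_NAME" "$REMOTE_USER" "$QUERY_STRING"` and return a 403 response instead of running the CGI whenever the status is non-zero.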

