On Wed, 11 Dec 2002, Ed Ravin wrote: > I'm playing with using "watch = xxx" in mon.cgi.cf but it seems to > be an all-or-nothing deal - there doesn't seem to be a way to restrict > views based on individual users. And rightfully, user access control > ought to be in Mon rather than the user interface. Has anyone thought > about how to do this?
I thought about it a bit before I implemented that feature in mon.cgi. Basically it seemed like a lot of work, but very doable. In mon.cgi I just put a check before each command that operates on a given hostgroup to see if the user has access to operate on that hostgroup. I imagine this functionality could easily be put into mon. I think the bigger problem might be setting up an access control configuration that wouldn't drive you mad, assuming a given user (or group of users) could have different access privs to different hostgroups. e.g., 'view all' but only 'disable' in the 'help-desk-servers' group. Since no one had really asked for it, I thought I'd add that to mon.cgi and see if anyone actually used it, at least it could provide some basic access control. Using separate directories like this, each with their own mon.cgi.cf file, you could accomplish some neat things with apache authentication and access control directives, with URL's like this: http://your.mon.server/customer1/mon.cgi http://your.mon.server/customer2/mon.cgi BTW, there are some patches to mon.cgi needed for the watch keyword to work as intended. Contact me if you need them. andrew _______________________________________________ mon mailing list [EMAIL PROTECTED] http://linux.kernel.org/mailman/listinfo/mon
