Skip to content
This repository has been archived by the owner. It is now read-only.

[dev.icinga.com #1679] User can execute host/servicegroup commands even if not authorized for #668

Closed
icinga-migration opened this Issue Jun 25, 2011 · 3 comments

Comments

Projects
None yet
1 participant
@icinga-migration
Copy link
Member

icinga-migration commented Jun 25, 2011

This issue has been migrated from Redmine: https://dev.icinga.com/issues/1679

Created by ricardo on 2011-06-25 20:26:24 +00:00

Assignee: ricardo
Status: Resolved (closed on 2011-06-29 09:19:13 +00:00)
Target Version: 1.4.2
Last Update: 2014-12-08 09:42:17 +00:00 (in Redmine)

Icinga Version: 1.10.0
OS Version: any

Mail from Sven Nierlein

Hi,

One of our customers found a bug in the nagios cgis. It's easy to reproduce:

1. create a new user
2. give him authorized_for_all_services and authorized_for_all_hosts in 
your cgi.cfg

The contact should now be able to see all hosts and services but should 
not be allowed to submit any commands.
However, if the contact submits hostgroup or servicegroup commands, they 
are accepted and executed.
The attached patch fixes that behavior.

Regards,
   Sven
@icinga-migration

This comment has been minimized.

Copy link
Member Author

icinga-migration commented Jun 25, 2011

Updated by ricardo on 2011-06-25 20:47:03 +00:00

  • Status changed from New to Feedback
  • Done % changed from 0 to 90

applied in current git "rbartels/cgis"

@icinga-migration

This comment has been minimized.

Copy link
Member Author

icinga-migration commented Jun 29, 2011

Updated by mfriedrich on 2011-06-29 09:19:13 +00:00

  • Status changed from Feedback to Resolved
  • Done % changed from 90 to 100
@icinga-migration

This comment has been minimized.

Copy link
Member Author

icinga-migration commented Dec 8, 2014

Updated by mfriedrich on 2014-12-08 09:42:17 +00:00

  • Project changed from 19 to Core, Classic UI, IDOUtils
  • Category set to Classic UI
  • Icinga Version set to 1
  • OS Version set to any
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.