[Pkg-nagios-devel] Bug#296306: nagios-pgsql: Documentation suggests loose database permissions for CGI scripts
Marcus Better
Marcus Better <marcus@better.se>, 296306-maintonly@bugs.debian.org
Mon, 21 Feb 2005 17:48:09 +0100
Package: nagios-pgsql
Version: 2:1.3-cvs.20050116-1
Severity: minor
The configuration suggested by README.pgsql defines only one database
user "nagios" with full access to the database. Since some of the CGI
scripts need only SELECT permission to certain tables, it is better to
create another user nagios_cgi with the minimum permissions.
This can be accomplished by adding the following commands to
those in README.pgsql:
-------------------------------------
# createuser -A -D nagios_cgi
in psql:
ALTER USER nagios PASSWORD 'my-secret-cgi-password';
GRANT SELECT ON hostextinfo, programstatus, servicestatus, hoststatus, hostcomments, servicecomments, hostdowntime, servicedowntime TO nagios_cgi;
-------------------------------------
Then the user and password for nagios_cgi should be entered in
/etc/nagios/nagios.cgi.
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-thales
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)
Versions of packages nagios-pgsql depends on:
ii libc6 2.3.2.ds1-20 GNU C Library: Shared libraries an
ii libgd2-noxpm 2.0.33-1.1 GD Graphics Library version 2 (wit
ii libjpeg62 6b-9 The Independent JPEG Group's JPEG
ii libpng12-0 1.2.8rel-1 PNG library - runtime
ii libpq3 7.4.7-2 PostgreSQL C client library
ii nagios-common 2:1.3-cvs.20050116-1 A host/service/network monitoring
ii zlib1g 1:1.2.2-3 compression library - runtime
-- no debconf information