nagios user - 添加用户

【基本介绍】
这里介绍nagios添加用户和用户权限管理

【基本配置】
1. 用户添加  2. 用户权限管理
1. 用户添加
用户是由web服务器提供的用户管理。
例如apache里面：用户和密码是有AuthUserFile配置文件来管理。

<VirtualHost *:80>
    DocumentRoot  /usr/local/nagios/share
    ServerName    xxxxx.com

    ScriptAlias /nagios/cgi-bin "/usr/local/nagios/sbin"
<Directory "/usr/local/nagios/sbin">
   Options ExecCGI
   AllowOverride None
   Order allow,deny
   Allow from all
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>
Alias /nagios "/usr/local/nagios/share"
<Directory "/usr/local/nagios/share">
  Options FollowSymLinks
   AllowOverride None
   Order allow,deny
   Allow from all
   AuthName "Nagios Access"
   AuthType Basic
   AuthUserFile /usr/local/nagios/etc/htpasswd.users
   Require valid-user
</Directory>
</VirtualHost>

用户密码配置文件：用户名：密码

[root@nagioscn etc]# cat /usr/local/nagios/etc/htpasswd.users
nagiosadmin:$apr1$M0Sez/..$Q8AqOHqxIJiE6ETuM9FSx0
viewer:OIC0OF3rCMztE

2. 用户权限是有nagios来管理访问nagios的权限
配置文件：/usr/local/nagios/etc/cgi.cfg

use_authentication=1  #是否开启用户认证
use_ssl_authentication=0   #是否允许使用x509cert(SSL)
#default_user_name=guest   #默认用户无需认证
authorized_for_system_information=nagiosadmin,admin  #系统信息的访问权限
authorized_for_configuration_information=nagiosadmin,admin  #配置信息的访问权限
authorized_for_system_commands=nagiosadmin,admin  #配置系统命令的访问权限
authorized_for_all_services=nagiosadmin,admin,guest,viewer  #全局services的访问权限
authorized_for_all_hosts=nagiosadmin,admin,guest,viewer     #全局hosts的访问权限
authorized_for_all_service_commands=nagiosadmin,admin       #全局services命令的访问权限
authorized_for_all_host_commands=nagiosadmin,admin			#全局hosts命令的访问权限
authorized_for_read_only=guest,viewer      #配置只读用户的访问权限

【htpasswd】
htpasswd用户创建用户和密码配置文件

[root@nagioscn etc]# htpasswd -h
Usage:
        htpasswd [-cmdpsD] passwordfile username
        htpasswd -b[cmdpsD] passwordfile username password

        htpasswd -n[mdps] username
        htpasswd -nb[mdps] username password
 -c  Create a new file.
 -n  Don't update file; display results on stdout.
 -m  Force MD5 encryption of the password.
 -d  Force CRYPT encryption of the password (default).
 -p  Do not encrypt the password (plaintext).
 -s  Force SHA encryption of the password.
 -b  Use the password from the command line rather than prompting for it.
 -D  Delete the specified user.
On Windows, NetWare and TPF systems the '-m' flag is used by default.
On all other systems, the '-p' flag will probably not work.