From b5cd5d5a371935ecb7dc18a48de0743c367f8a46 Mon Sep 17 00:00:00 2001
From: 12ww1160 <12ww1160@confdroid.com>
Date: Sat, 7 Mar 2026 15:59:21 +0100
Subject: [PATCH] OP#436 start cgi.cfg

---
 manifests/params.pp          |  1 -
 manifests/server/files.pp    |  2 +-
 templates/nagios/cgi_cfg.erb | 90 ++++--------------------------------
 3 files changed, 10 insertions(+), 83 deletions(-)

diff --git a/manifests/params.pp b/manifests/params.pp
index b2d7ebf..53e15df 100644
--- a/manifests/params.pp
+++ b/manifests/params.pp
@@ -534,7 +534,6 @@ class confdroid_nagios::params (
   String $ng_svc_cmd_auth            = '',
   String $ng_readonly_auth           = '' ,
 
-
 # httpd
   Boolean $ng_use_https               = false,
 
diff --git a/manifests/server/files.pp b/manifests/server/files.pp
index d832f08..9feef19 100644
--- a/manifests/server/files.pp
+++ b/manifests/server/files.pp
@@ -23,7 +23,7 @@ class confdroid_nagios::server::files (
 
     file { $ng_cgi_cfg_file:
       ensure   => file,
-      owner    => 'nagios',
+      owner    => 'root',
       group    => 'nagios',
       mode     => '0644',
       selrange => s0,
diff --git a/templates/nagios/cgi_cfg.erb b/templates/nagios/cgi_cfg.erb
index 0985f8d..f1e5a99 100644
--- a/templates/nagios/cgi_cfg.erb
+++ b/templates/nagios/cgi_cfg.erb
@@ -22,88 +22,16 @@ default_user_name=<%= @ng_def_user_name %>
 #default_user_name=guest
 <% end -%>
 
-authorized_for_system_information=<%= @ng_nagios_admin %>,<%= @ng_sysinfo_auth %>
-authorized_for_configuration_information=<%= @ng_nagios_admin %>,<%= @ng_confinfo_auth %>
-authorized_for_system_commands=<%= @ng_nagios_admin %>,<%= @ng_command_auth %>
-authorized_for_all_services=<%= @ng_nagios_admin %>,<%= @ng_serviceview_auth %>
-authorized_for_all_hosts=<%= @ng_nagios_admin %>,<%= @ng_hostview_auth %>
-authorized_for_all_service_commands=<%= @ng_nagios_admin %>,<%= @ng_svc_cmd_auth %>
-authorized_for_all_host_commands=<%= @ng_nagios_admin %>,<%= @ng_host_cmd_auth %>
+authorized_for_system_information=<%= @ng_main_user %>,<%= @ng_sysinfo_auth %>
+authorized_for_configuration_information=<%= @ng_main_user %>,<%= @ng_confinfo_auth %>
+authorized_for_system_commands=<%= @ng_main_user %>,<%= @ng_command_auth %>
+authorized_for_all_services=<%= @ng_main_user %>,<%= @ng_serviceview_auth %>
+authorized_for_all_hosts=<%= @ng_main_user %>,<%= @ng_hostview_auth %>
+authorized_for_all_service_commands=<%= @ng_main_user %>,<%= @ng_svc_cmd_auth %>
+authorized_for_all_host_commands=<%= @ng_main_user %>,<%= @ng_host_cmd_auth %>
+<% unless @ng_readonly_auth.empty? -%>
 authorized_for_read_only=<%= @ng_readonly_auth %>
-
-
-# SYSTEM/PROCESS INFORMATION ACCESS
-# This option is a comma-delimited list of all usernames that
-# have access to viewing the Nagios process information as
-# provided by the Extended Information CGI (extinfo.cgi).  By
-# default, *no one* has access to this unless you choose to
-# not use authorization.  You may use an asterisk (*) to
-# authorize any user who has authenticated to the web server.
-
-authorized_for_system_information=nagiosadmin
-
-
-
-# CONFIGURATION INFORMATION ACCESS
-# This option is a comma-delimited list of all usernames that
-# can view ALL configuration information (hosts, commands, etc).
-# By default, users can only view configuration information
-# for the hosts and services they are contacts for. You may use
-# an asterisk (*) to authorize any user who has authenticated
-# to the web server.
-
-authorized_for_configuration_information=nagiosadmin
-
-
-
-# SYSTEM/PROCESS COMMAND ACCESS
-# This option is a comma-delimited list of all usernames that
-# can issue shutdown and restart commands to Nagios via the
-# command CGI (cmd.cgi).  Users in this list can also change
-# the program mode to active or standby. By default, *no one*
-# has access to this unless you choose to not use authorization.
-# You may use an asterisk (*) to authorize any user who has
-# authenticated to the web server.
-
-authorized_for_system_commands=nagiosadmin
-
-
-
-# GLOBAL HOST/SERVICE VIEW ACCESS
-# These two options are comma-delimited lists of all usernames that
-# can view information for all hosts and services that are being
-# monitored.  By default, users can only view information
-# for hosts or services that they are contacts for (unless you
-# you choose to not use authorization). You may use an asterisk (*)
-# to authorize any user who has authenticated to the web server.
-
-authorized_for_all_services=nagiosadmin
-authorized_for_all_hosts=nagiosadmin
-
-
-
-# GLOBAL HOST/SERVICE COMMAND ACCESS
-# These two options are comma-delimited lists of all usernames that
-# can issue host or service related commands via the command
-# CGI (cmd.cgi) for all hosts and services that are being monitored.
-# By default, users can only issue commands for hosts or services
-# that they are contacts for (unless you choose to not use
-# authorization).  You may use an asterisk (*) to authorize any
-# user who has authenticated to the web server.
-
-authorized_for_all_service_commands=nagiosadmin
-authorized_for_all_host_commands=nagiosadmin
-
-
-
-# READ-ONLY USERS
-# A comma-delimited list of usernames that have read-only rights in
-# the CGIs.  This will block any service or host commands normally shown
-# on the extinfo CGI pages.  It will also block comments from being shown
-# to read-only users.
-
-#authorized_for_read_only=user1,user2
-
+<% end -%>
 
 
 # STATUSMAP BACKGROUND IMAGE