[Pkg-nagios-devel] Bug#296306: nagios-pgsql: Documentation suggests loose database permissions for CGI scripts

Marcus Better Marcus Better <marcus@better.se>, 296306-maintonly@bugs.debian.org
Mon, 21 Feb 2005 17:48:09 +0100

Package: nagios-pgsql
Version: 2:1.3-cvs.20050116-1
Severity: minor

The configuration suggested by README.pgsql defines only one database
user "nagios" with full access to the database. Since some of the CGI
scripts need only SELECT permission to certain tables, it is better to
create another user nagios_cgi with the minimum permissions.

This can be accomplished by adding the following commands to
those in README.pgsql:

# createuser -A -D nagios_cgi

in psql:

ALTER USER nagios PASSWORD 'my-secret-cgi-password';

GRANT SELECT ON hostextinfo, programstatus, servicestatus, hoststatus, hostcomments, servicecomments, hostdowntime, servicedowntime TO nagios_cgi;

Then the user and password for nagios_cgi should be entered in

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.10-thales
Locale: LANG=sv_SE.UTF-8, LC_CTYPE=sv_SE.UTF-8 (charmap=UTF-8)

Versions of packages nagios-pgsql depends on:
ii  libc6               2.3.2.ds1-20         GNU C Library: Shared libraries an
ii  libgd2-noxpm        2.0.33-1.1           GD Graphics Library version 2 (wit
ii  libjpeg62           6b-9                 The Independent JPEG Group's JPEG 
ii  libpng12-0          1.2.8rel-1           PNG library - runtime
ii  libpq3              7.4.7-2              PostgreSQL C client library
ii  nagios-common       2:1.3-cvs.20050116-1 A host/service/network monitoring 
ii  zlib1g              1:1.2.2-3            compression library - runtime

-- no debconf information