Ad Widget

Collapse

guest account can acknowledge triggers by default

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • pattieja
    Junior Member
    • Mar 2005
    • 14
    #1

    guest account can acknowledge triggers by default

    I'm not sure from a security standpoint that the default guest user account should be allowed to acknowledge triggers and add comments to them. The only permission that the guest user account has (ZABBIX 1.1beta8) is:

    HTML Code:
    Permission     Right
Default permission - Read only
    Last edited by pattieja; 05-04-2006, 00:54.
    Tags: None
    • Alexei
      Founder, CEO
      Zabbix Certified Trainer
      Zabbix Certified SpecialistZabbix Certified Professional
      • Sep 2004
      • 5654
      #2
      To be fixed.
      Alexei Vladishev
      Creator of Zabbix, Product manager
      New York | Tokyo | Riga
      My Twitter

        Comment

        • rruth
          Junior Member
          • Feb 2010
          • 6
          #3
          I am having the same issue in Zabbix-1.8.2: My guest account which is a member of the Guests group which has read-only permissions of host groups is able to acknowledge events.

          Other than disabling GUI Access, which makes the guest account useless, how do I allow 'guest' to monitor Zabbix but NOT be able to acknowledge events?

            Comment

            • llurch
              Junior Member
              • Aug 2013
              • 3
              #4
              Hack to 2.0.6 to remove comment box for guests

              I would not say that this "prevents" guests from commenting. Anyone who knows the right form fields can still submit them. Still, it helps.

              I also pre-populate the text field for lazy logged-in users. I can understand wanting to make sure that admins communicate, but I think it's more important to motivate them to acknowledge issues, even without comment.

              Code:
              --- acknow.php.orig     2013-08-08 23:06:26.423250336 -0500
+++ acknow.php  2013-08-09 13:16:42.673230166 -0500
@@ -204,13 +204,16 @@
                $frmMsg->addVar('events['.$eventid.']', $eventid);
        }
 }
-
-$frmMsg->addRow(_('Message'), new CTextArea('message', '', array('rows' => ZBX_TEXTAREA_STANDARD_ROWS, 'width' => ZBX_TEXTAREA_BIG_WIDTH, 'maxlength' => 255)));
+if ($USER_DETAILS['alias'] == 'guest') {
+  $frmMsg->addRow(_('Message'), 'Please login to acknowledge an event or comment.');
+} else {
+$frmMsg->addRow(_('Message'), new CTextArea('message', $USER_DETAILS['name'] . " acknowledged without comment", array('rows' => ZBX_TEXTAREA_STANDARD_ROWS, 'width' => ZBX_TEXTAREA_BIG_WIDTH, 'maxlength' => 255)));
 $frmMsg->addItemToBottomRow(new CSubmit('saveandreturn', $btn_txt2));
 if (!$bulk) {
        $frmMsg->addItemToBottomRow(new CSubmit('save', $btn_txt));
 }
 $frmMsg->addItemToBottomRow(new CButtonCancel(url_param('backurl').url_param('eventid').url_param('triggerid').url_param('screenid')));
+} // end of hack to stop Guest acknowledgments
 $frmMsg->show(false);

 require_once dirname(__FILE__).'/include/page_footer.php';

                Comment

                Previous template Next
                Working...