If you've added a new Nagios user but still get the "no permission to view information" error, you're not alone. This is one of those persistent issues that bites many admins. Let me walk through the complete solution with some extra troubleshooting tips.
First, verify your cgi.cfg changes were properly applied. The most common oversight is forgetting that Nagios requires both authentication and authorization:
# Example of proper authorization in cgi.cfg
authorized_for_system_information=nagiosadmin,newuser
authorized_for_all_hosts=nagiosadmin,newuser
authorized_for_all_services=nagiosadmin,newuser
Check these critical points:
- The
htpasswd.usersfile should be readable by Apache - Verify SELinux contexts if applicable:
ls -Z /usr/local/nagios/etc/htpasswd.users - Check parent directory permissions (usually 755)
Don't just restart Nagios - do a full stack restart:
sudo systemctl restart nagios
sudo systemctl restart apache2
Check both Nagios and Apache logs for clues:
tail -f /var/log/nagios/nagios.log
tail -f /var/log/apache2/error.log
For larger setups, consider group-based permissions in cgi.cfg:
authorized_for_system_information=+nagios-admins
authorized_for_all_hosts=+nagios-admins,+noc-team
- Verify username spelling in both htpasswd and cgi.cfg
- Check for trailing commas in authorization lists
- Confirm no conflicting .htaccess files
- Test with different browsers to rule out cache issues
Many Nagios administrators encounter this perplexing situation: you've followed all the documented steps to create a new user and grant permissions, but the user still can't access any monitoring data in the web interface. The error message about insufficient permissions keeps appearing, despite what seems like proper configuration.
Let's verify each critical configuration point:
# 1. Verify user creation in htpasswd file:
htpasswd -v /usr/local/nagios/etc/htpasswd.users username
# 2. Check CGI configuration (typically /usr/local/nagios/etc/cgi.cfg):
authorized_for_system_information=nagiosadmin,username
authorized_for_configuration_information=nagiosadmin,username
authorized_for_system_commands=nagiosadmin,username
authorized_for_all_services=nagiosadmin,username
authorized_for_all_hosts=nagiosadmin,username
Several often-missed details can cause this issue:
- Whitespace in the username (both in htpasswd and cgi.cfg)
- Case sensitivity mismatches between files
- Missing Apache configuration directives for CGI authentication
- File permission issues on configuration files
Ensure your Apache configuration includes proper authentication directives. Here's a complete example for Nagios CGI access:
<Directory "/usr/local/nagios/sbin">
Options ExecCGI
AllowOverride None
Order allow,deny
Allow from all
AuthName "Nagios Access"
AuthType Basic
AuthUserFile /usr/local/nagios/etc/htpasswd.users
Require valid-user
</Directory>
Run these checks to verify proper permissions:
ls -l /usr/local/nagios/etc/htpasswd.users
ls -l /usr/local/nagios/etc/cgi.cfg
Both files should be readable by the Apache user (typically www-data or apache).
When all else fails, try these diagnostic measures:
# Check Apache error logs:
tail -f /var/log/apache2/error.log
# Enable Nagios debug mode temporarily:
nagios -v /usr/local/nagios/etc/nagios.cfg
# Verify credentials work directly:
curl -u username:password http://yournagios/nagios/cgi-bin/status.cgi
For complex environments, consider these approaches:
# Using groups in htpasswd:
authorized_for_system_information=+nagios_admins
# Fine-grained service access:
authorized_contactgroup_for_all_services=it_staff
authorized_contactgroup_for_all_hosts=network_team
After making changes, perform these actions:
# Test configuration:
nagios -v /usr/local/nagios/etc/nagios.cfg
# Restart services:
systemctl restart nagios
systemctl restart apache2