[j-nsp] class permission problem

• Next message: Saku Ytti: "Re: Link aggregation on Gigabit-Ethernet"
• Previous message: Jonathan Tse: "Re: Link aggregation on Gigabit-Ethernet"
• Next in thread: Stephen Gill: "Re: [j-nsp] class permission problem"
• Reply: Stephen Gill: "Re: [j-nsp] class permission problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

Hi,

from documentation

-----------------
permissions
Syntax
permissions [ permissions ];
Hierarchy Level
[edit system login class]
Description
Configure the login access privileges to be provided on the router.
Options
permissions--Privilege type.
Usage Guidelines
See Configure Access Privilege Levels
Required Privilege Level
admin--To view this statement in the configuration.
admin-control--To add this statement to the configuration.

--------------

i set this config

system {
    }
    login {
        class labuser {
            idle-timeout 30;
            permissions [ clear configure control field floppy interface
interface-control network reset routing routing-control shell snmp
snmp-control system system-control trace trace-control view maintenance
firewall firewall-control secret secret-control rollback ];
        }
        user juniper {
            uid 2002;
            class labuser;
            authentication {
                encrypted-password "$1$TCPMb$PhlaybNr.MWLPR5XXKK.Y0"; #
SECRET-DATA
            }
        }
        user lab {
            uid 2000;
            class operator;
            authentication {
                encrypted-password "$1$nLUQb$nefOd7kaG1J9V14CABf8h/"; #
SECRET-DATA
            }

i don't set admin and admin-control to class labuser permission but from
user juniper i can change the user config and commit them:

juniper@M20-LAB> edit
Entering configuration mode

[edit]
juniper@M20-LAB# set system login user juniper class super-user

[edit]
juniper@M20-LAB# commit and-quit
commit complete
Exiting configuration mode

juniper@M20-LAB> exit

M20-LAB (ttyd0)

login: juniper
Password:
Last login: Mon Jun 18 14:50:49 on ttyd0

--- JUNOS 4.4R2.3 built 2001-05-30 00:57:00 UTC

juniper@M20-LAB> show configuration
version 4.4R2.3;
system {
    }
    login {
        class labuser {
            idle-timeout 30;
            permissions [ clear configure control field floppy interface
interface-control network reset routing routing-control shell snmp
snmp-control system system-control trace trace-control view maintenance
firewall firewall-control secret secret-control rollback ];
        }
        user juniper {
            uid 2002;
            class super-user;
            authentication {
                encrypted-password "$1$TCPMb$PhlaybNr.MWLPR5XXKK.Y0"; #
SECRET-DATA
            }
        }

-----------------------------

some idea.

stefano

• Next message: Saku Ytti: "Re: Link aggregation on Gigabit-Ethernet"
• Previous message: Jonathan Tse: "Re: Link aggregation on Gigabit-Ethernet"
• Next in thread: Stephen Gill: "Re: [j-nsp] class permission problem"
• Reply: Stephen Gill: "Re: [j-nsp] class permission problem"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Mail actions: [ respond to this message ] [ mail a new topic ]

This archive was generated by hypermail 2b29 : Mon Aug 05 2002 - 10:42:37 EDT